CertiK Traces $63M in Tornado Cash to $282M Crypto Wallet Hack

TLDR

• CertiK traces $63M in Tornado Cash flows to the Jan. 10 wallet breach.
• Stolen assets moved cross-chain before being split and routed via Tornado Cash.
• Laundering used batch transfers to reduce scrutiny and extend the trail.
• Mixer deposits sharply reduced tracing and recovery chances for investigators.
• A social engineering scam enabled full wallet access and large asset losses.

The latest update links $63 million in Tornado Cash flows to the $282 million crypto wallet compromise of Jan. 10. CertiK identified fresh laundering activity and confirmed new movement of funds tied to the breach. Moreover, the finding expands the timeline of actions taken after the initial theft.

Tornado Cash Movement Shows Expanded Laundering Path

CertiK reported that the attacker used Tornado Cash after shifting large volumes of stolen assets across chains. The firm detected several structured transfers that pushed Ether through multiple addresses before entering Tornado Cash. The pattern aligned with known laundering behaviour observed in previous large-scale thefts.

The attacker reportedly bridged a major portion of the stolen Bitcoin to Ethereum before converting it to Ether. CertiK noted that one receiving address held 19,600 ETH after the cross-chain transfer. However, the funds were then split into smaller amounts and moved again before entering Tornado Cash.

The $63 million sum represents only part of the total stolen amount but still shows the methodical approach. Analysts observed repeated transfers in batches designed to reduce scrutiny and extend the laundering chain.  The steady use of Tornado Cash reinforced the attacker’s intent to obscure the transaction trail.

Tracing Efforts Narrow After Mixer Deposits

Crypto security teams warn that Tornado Cash deposits reduce recovery prospects once the funds complete mixing cycles. They state that mixers break visible links between addresses and disrupt wider on-chain tracing. Likewise, laundering stages become harder to map once funds exit Tornado Cash.

The Jan. 10 compromise followed this pattern as cleaner exits reduced tracking depth for investigators. Teams confirmed that additional wallet hops occurred before each Tornado Cash deposit. The entry of funds into the mixer marked a decisive barrier for follow-up tracing.

Security firms also indicated limited mitigation options after Tornado Cash involvement. Some platforms flagged minor amounts and froze them, but such actions covered only a small share. The bulk of the stolen funds moved beyond recovery shortly after the laundering process began.

Social Engineering Attack Enabled Full Access

Background checks showed that the breach began with a social engineering trick targeting the victim. The attacker impersonated support staff and secured the seed phrase used to access the wallet. The intruder gained control over Bitcoin and Litecoin reserves held in the compromised account.

The wallet contained more than 1,459 BTC and over 2 million LTC before the theft. Parts of these holdings moved into alternative assets during the early laundering stage. Sections of the funds shifted across networks before final transfers into Tornado Cash.

Security analysts continue tracking new movements but expect limited breakthroughs after the mixer entries. The repeated use of Tornado Cash highlights the attacker’s deliberate plan to erase traces. Overall, the event adds further concerns about rising cross-chain laundering activity.

The post CertiK Traces $63M in Tornado Cash to $282M Crypto Wallet Hack appeared first on CoinCentral.