MIM hacker launders $7.5m worth of stolen funds through Tornado Cash

On-chain data reveals that the attacker behind the Magic Internet Money or MIM hack in March 2025 recently sent through $7.5m worth of stolen funds into crypto mixer platform Tornado Cash.

According to on-chain data from blockchain security firm CertiK, the MIM attacker was caught sending 3,001 ETH (ETH) or approximately $7.57 million from a crypto wallet address beginning with 0x51baB into the decentralized crypto mixer Tornado Cash.

This transaction amounts to more than half of the stolen funds from the attack on Abracadabra Finance’s stablecoin, which was $13 million in losses.

“The MIM_Spell exploiter has just sent 3,001 ETH (~$7.57M) to Tornado Cash from 0x51baB,” wrote CertiK in its recent post.

The chain of wallet transfers represented by a chart created by CertiK showed that the funds were moved through four different Ethereum-based addresses. The first transfer moved 6,261 ETH, which is equal to amount of stolen from MIM, then the second and third wallets moved 3,001 ETH before sending it to a known Tornado Cash address.

How did the MIM hack happen?

On March 25 2025, MIM Spell was exploited for 6,261.13 ETH, which was equal to nearly $13 million. The MIM hack targeted its gmCauldron smart contracts, specifically the integration between decentralized exchange GMX and Abracadabra’s lending contracts.

According to the CertiK analysis paper, the exploit allowed the attacker to borrow funds without repaying them and liquidate the funds.

“This was due to the liquidation process not overwriting records in RouterOrder that counted as collateral, allowing exploiter to falsely borrow additional funds after liquidation,” wrote CertiK.

Shortly after the hack, MIM’s parent company Abracadabra Finance declared that it has bought back 50% of the losses it suffered in the $13 million exploit. The protocol also confirmed that user funds were unaffected by the attack.

The team said that it is currently working towards restoring the stolen crypto it had lost in the exploit. However, it is becoming increasingly difficult to track the funds once the hackers have put them through crypto mixers like Tornado Cash.