An Ethereum address connected to a hack of the decentralized exchange Raydium laundered $2.7 million in Ether (ETH) through the privacy tool Tornado Cash, according to security firm CertiK.
The hack occurred in December and resulted in the theft of over $4.4 million in various assets. The hacker was able to compromise the admin account keys powering Raydium’s smart contracts and withdraw the platform’s liquidity pool tokens into their control. The stolen funds were then moved to Ethereum.
More than a month after the incident, an address identified as the hacker by Etherscan transferred $2.7 million of the stolen assets to Tornado Cash.
Tornado Cash, a privacy tool that allows users to obscure the transaction history of their funds, has been used frequently by hackers of decentralized finance protocols.
In 2020, Tornado Cash was sanctioned by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), prohibiting all US-based individuals and entities from interacting with the app due to its potential for money laundering.
Despite the sanctions, Tornado Cash continues to be widely used by hackers.