Unizen Exploit Hacker Launders Over $2 Million Through Tornado Cash Mixer

The hacker from the March 2024 Unizen exploit has over $2 million laundered through the Tornado Cash mixer. The cyber security firm Peckshield

A hacker responsible for the March 2024 Unizen exploit has laundered over $2 million through the Tornado Cash mixer. Cyber security firm Peckshield Alerts reported that the attacker laundered 865.4 ETH, which is currently valued at around $2.16 million, from the exploit wallet.

This activity occurred 151 days after the first attack, which resulted in a loss of $2.1 million due to an ‘approve issue’ on Unizen’s platform. All efforts to retrieve the stolen funds from the hacker have been unsuccessful, as the hacker has not responded to the team's attempts to contact them.

The laundering process began with the transfer of 2,179,859 DAI from the exploit wallet to another unknown punk wallet, addressed as “0X866. . . 84d7.” The laundered DAI was then exchanged for ETH in Uniswap, and it continued its journey through Tornado Cash in 26 transactions. This cleared both the exploiter's pockets, while the gainers walked away with their pockets full.

The March 2024 Attack

The attack occurred on March 9, 2024, when a vulnerability in Unizen’s platform, known as the “approve issue,” was exploited, leading to the theft of $2.1 million in USDT from the firm, which was then swapped to DAI. PeckShield discovered the vulnerability and notified Unizen, but by the time the alert was received, the damage had already been done.

Unizen attempted to contact the hacker, requesting the return of the stolen assets and offering to increase the bounty for returning the assets to 20%, but the hacker never responded. The team tried to reach out to the hacker through on-chain messages in an attempt to plead for the return of the stolen funds in exchange for a reward.

The hack on the Unizen platform is reminiscent of the Nomad Bridge hack, highlighting the susceptibility of even large platforms to cyber attacks. The Nomad Bridge was attacked for around $200 million in August 2022 due to a similar oversight in vigilance, emphasizing the necessity for constant updation and enhancement of security measures. The hacker in this case was clever enough to buy the dip, purchasing thousands of ETH by swapping the stolen DAI.

The above is the detailed content of Unizen Exploit Hacker Launders Over $2 Million Through Tornado Cash Mixer. For more information, please follow other related articles on the PHP Chinese website!