Lendhub protocol exploiters spotted shifting $3.85M into Tornado Cash

cointelegraph.com:

The suspected actors behind the $6 million exploit of decentralized finance (DeFi) lending protocol Lendhub have just sent more than half of their ill-gotten gains from January into sanctioned crypto mixer Tornado Cash.

Blockchain security firms PeckShield and Beosin alerted their respective followers to the movement of funds on Feb. 27, noting that around 2,415 Ether (ETH) worth around $3.85 million was sent to Tornado Cash from a wallet connected to the Jan. 12 exploit.

#PeckShieldAlert ~2,415.4 $ETH (~3.85M) into Tornado Cash from @LendHubDefi exploitersLendHub was exploited, and $6M worth of cryptos was stolen from its protocol on Jan. 12.https://t.co/vDxHlTgR0o pic.twitter.com/8FZY3v2Fe3

PeckShield previously reported the LendHub exploit was the largest in January with $6 million pilfered from the protocol.

On-chain intelligence firm Beosin tweeted that the latest movement means a total of 3,515.4 ETH, currently worth over $5.7 million, has been sent to Tornado Cash by the exploiter since Jan. 13.

Tornado Cash is a crypto mixing service that attempts to anonymize Ethereum transactions by combining vast amounts of Ether prior to depositing sums to other addresses.

The service was sanctioned on Aug. 8, 2022, by the United States Office of Foreign Assets Control (OFAC) for its alleged role in the laundering of crime proceeds.

Despite the sanctions and the website for the service being taken down, Tornado Cash is still able to run and be used as it's a smart contract housed on a decentralized blockchain.

A January report by blockchain analytics firm Chainalysis said that hacks and scams once contributed to around 34% of all inflows to the mixer and were at times inflows reached around $25 million per day, but that dropped by