Kronos Research Hacker Moves Funds to Tornado Cash

The hacker responsible for a $25M attack on Kronos Research began moving funds, using a cryptocurrency mixer called Tornado Cash.

Midway through November 2023, the hacker who was responsible for the $25 million attack on the quantitative trading firm Kronos Research began moving funds, nearly six months after the attack.

Kronos Research Hacker Moves Fund

Following the initial transfer of 1,314 Ether worth $4 million to a new address beginning with 0x8F5e4, the hacker wallet then transferred all of the Ether to a different address beginning with 0x164A24b.

An open-source license makes Tornado Cash, a cryptocurrency mixer, available for use on networks compatible with the Ethereum Virtual Machine.

The mixing services obscure the trail of cryptocurrency transactions, making it incredibly challenging to determine the origin of the funds. Despite their initial development as a privacy tool, hackers frequently use mixing services to launder stolen assets through decentralized exchange platforms.

In August 2022, the United States government decided to impose restrictions on the use of Tornado Cash due to the significant amounts of money transferred for illegal purposes.

Following this, the company’s founders faced accusations of money laundering and sanctions violations in 2023. Although there are a range of perspectives within the cryptocurrency community over the implementation of privacy mechanisms, there is a general agreement that the state should not persecute developers for the creation of an application.

PeckShield, a crypto analytics company issued a warning to the blockchain community regarding the transfer of assets on X. According to the warning, the transfer to Tornado Cash could indicate that the hacker is attempting to clean up the stolen money.

Over the years, crypto-mixing services have become the preferred choice of exploiters over centralized exchanges. They exchange block addresses once they find them.

In November 2023, the perpetrators successfully gained access to the application programming interface keys of Kronos Research Capital, leading to an attack. During the initial release, the company initially denied that there had been any financial losses.

After some time, ZachXBT, an on-chain investigator, revealed that thieves had stolen around 12,800 ETH valued at $25 million, and delivered it to six different cryptocurrency wallet addresses.

In order to conduct an investigation into the loss, Kronos Capital ceased its trading services.