Hacker Moves USD 500K Dai Using Tornado Cash From Dao Maker Exploit

Hacker Moves USD 500K Dai Using Tornado Cash From Dao Maker Exploit

The crypto security and smart contract auditing firm Certik revealed that on September 8, USD 500K in DAI was sent through the Tornado Cash mixing platform after the funds were stolen in August 2021. Peckshield, a prominent blockchain security firm, took to Twitter for informing that USD 500K in stolen funds from the Dao Maker exploits are on the move. Certik and Peckshield said an Ethereum address associated with the Dao Maker exploit last year has laundered USD 500K in Dai stablecoins through Tornado Cash. Dao Maker suffered a hack in December 2021.

DAO Maker Hacker Uses Tornado Cash to Transfer USD 500K DAI

The digital assets from the DAO Maker breach saw the loss of more than USD 7 million in ERC20 tokens and stablecoins. Hackers managed to take them and split them into different addresses owned by them. One of the addresses identified as Etherscan was used on Thursday to transfer the USD 500K DAI stablecoins.

Despite the U.S. government banning the Ethereum-based mixing application Tornado Cash, the application is on the go. The crypto security company Certik tweeted at 7:30 p.m. (ET) on Thursday about the movement of DAI. "We are seeing a movement of 500,000 DAI to Tornado Cash from EOA 0x0B789," Certik said. "The address is directly connected to the DAO Maker exploiter who stole funds from the DAO Maker. Stay safe out there."

Blockchain security firm Peckshield also tweeted to confirm the move. Peckshield confirmed that USD 500K DAI from the August 2021 DAO Maker exploit was sent through Tornado Cash. "Peckshield has detected the address labeled as DAO Maker exploiter that transferred 500K DAI to Tornado Cash," the Peckshield alert system on Twitter noted.

DAO Maker is a crowdfunding decentralized finance (Defi) application and is not the same as Makerdao, the issuer of the stablecoin DAI. The crypto-fueled fundraising protocol of DAO Maker was hacked in August 2021, according to an Ask-Me-Anything (AMA) event featuring DAO Maker’s CEO Christoph Zaknun. The hackers were able to siphon USD 7 million in ERC-20 tokens and stablecoins from 5,251 user accounts.

The U.S. Treasury Department’s watchdog, the Office of Foreign Asset Control (OFAC), banned Tornado Cash 32 days ago. But the move to ban Tornado Cash was met with criticism. The non-profit organization that focuses on policy issues, Coin Center, said on August 15 that OFAC’s Tornado Cash ban "exceeds statutory authority" and said the organization planned to "engage" with the Treasury watchdog. Cryptocurrency exchange Coinbase announced on September 8 that the company is "funding a lawsuit brought by six people challenging the U.S. Treasury Department’s sanctions of the Tornado Cash smart contracts."

The mixing service platform Tornado Cash has been in the limelight since it was slapped with sanctions on August 8 by the Treasury Department’s Office of Foreign Assets Control (OFAC) for allegedly sponsoring the laundering of USD 7 billion in illicit fund flows. The platform was also allegedly used by the infamous North Korean hacking group Lazarus to launder stolen funds worth USD 455 million. Although the sanctions are in place, hackers have continued to undermine them using decentralized finance protocols.