Rain exchange attacker address starts laundering ETH through Tornado Cash
This breach and subsequent laundering activity highlight the ongoing risks faced by centralized exchanges, even those with robust security measures.
The hacker behind the recent attack on the Rain crypto exchange has begun laundering stolen Ether through Tornado Cash, a popular mixing service. Blockchain security firm PeckShield, which has been closely monitoring the situation, flagged the move.
PeckShield’s latest update reveals that the attacker transferred 1,155 Ether (ETH), worth approximately $2.9 million, to Tornado Cash. This transaction appears to be part of a larger effort to obscure the origins of the funds and make them more difficult to trace.
The Rain exchange breach
The Rain cryptocurrency exchange is based in Bahrain and specializes in serving clients from Southwest Asia and the Middle East. The exchange was exploited on April 29, with approximately $14.1 million worth of various cryptocurrencies transferred to a new wallet under suspicious circumstances, including Bitcoin (BTC), Ether, Solana (SOL) and XRP (XRP).
Onchain sleuth ZachXBT first reported the exploit on May 13, detailing the suspicious transactions that had taken place two weeks prior. The report shed light on the scale and method of the attack, raising alarms within the crypto community.
AJ Nelson, co-founder of Rain, confirmed the breach in an X post. In his statement, Nelson assured users that the exchange had covered the stolen assets from its funds, ensuring that the platform continues operating normally.
Related: Robinhood suspends 24-hour trades for 8 hours
This swift response sought to maintain user trust and demonstrate the exchange’s commitment to security and transparency.
The role of Tornado Cash
Tornado Cash is a decentralized, non-custodial privacy solution built on Ethereum. It uses zero-knowledge proofs to enable users to break the onchain link between the source and destination of funds.
While this technology is valuable for privacy-conscious users, malicious actors have also exploited it to launder stolen cryptocurrencies.
In this case, the Rain hacker’s use of Tornado Cash underscores the challenges faced by exchanges and law enforcement agencies in tracking and recovering stolen assets.
The crypto mixer service makes it significantly more difficult to trace the flow of funds, posing a significant hurdle in the pursuit of cybercriminals.
Meanwhile, the Nexera protocol was exploited for $1.5 million worth of digital assets in another smart contract security incident on Aug. 6.
Additionally, a suspected white hat hacker exploited a vulnerability in the Ronin network, making off with $9.8 million in ETH tokens, but later returned the funds on Aug. 6.
Responses