Last week, more than $2 million was stolen from TempleDAO.
The person who hacked TempleDAO’s decentralized finance (DeFi) protocol last week has moved all of the money they stole to Tornado Cash in multiple transactions over the past 24 hours.
Temple DAO, which lets its users earn interest on their crypto holdings, was one of several platforms hacked in a single day last week, in a month that is now on track to be the worst ever for crypto hacks.
The stolen money was sent over the weekend to the wallet address 0x2b63d4a3b2db8acbb2671ea7b16993077f1db5o, which is linked to the “TempleDAO Exploiter” address on the blockchain scanning tool Etherscan.
On Sunday night (Asian time), these funds were moved to Tornado Cash in 100-ether batches. Data shows that the hacker was able to move 1,921 ethers over 21 different transactions. At the prices that are in place now, that ether is worth more than $2.5 million.
Tornado Cash, which has been approved by the U.S. government, makes transactions more private by breaking the link between the source address and the address where the money is going. This lets hackers and people who take advantage of other people hide their addresses while withdrawing money they got illegally.
Last week, BlockSec, a blockchain security company, said that the attack was caused by “insufficient access to control the migrateStake function” on smart contracts related to TempleDAO.
If a user’s contract moves, that function sends the user’s yield rewards to their wallet automatically.
