Hacker Moves $85M Stolen Phemex Funds Through Tornado Cash and Mixers

The $85 million in stolen funds from cryptocurrency trading platform Phemex has started to move, with some of it being transferred to the Tornado Cash mixer. According to Global Ledger analysis, the hacker has begun splitting the funds into multiple new addresses and transferring them to Tornado Cash. The first batch of 2080 ETH, approximately $6 million, has been dispersed to 14 new addresses, leaving less than 4000 ETH in the main attacker wallet. The transfer method involves multiple hops and cross-chain interactions.

In addition to directly moving funds to Tornado Cash and eXch mixer to anonymize them, the hacker has also used platforms such as Wintermute, DLN Trade protocol, and THORChain to exchange assets. This suggests that the hacker is employing a variety of strategies to obfuscate the trail of the stolen funds and make it more difficult for law enforcement to track them.

The use of Tornado Cash, a privacy-focused mixer, indicates that the hacker is attempting to conceal the origin and destination of the stolen funds. Tornado Cash works by breaking the link between the sender and receiver of funds, making it more difficult for outsiders to track the movement of the funds. However, it is important to note that the use of such mixers is not always illegal, and they can be used for legitimate purposes as well.

The movement of the stolen funds is a significant development in the ongoing investigation into the Phemex hack. As the funds continue to move, it will be important for law enforcement and the cryptocurrency community to remain vigilant and work together to track the stolen funds and bring the hacker to justice. The use of multiple mixers and exchange platforms suggests that the hacker is sophisticated and well-versed in the techniques used to obfuscate the trail of stolen funds.