The hacker behind the attack on cryptocurrency exchange Poloniex in November 2023 recently transferred over 1,100 Ether (ETH) to sanctioned crypto mixer Tornado Cash.

The hacker sent the Ether in batches while still holding over $180 million worth of assets across different blockchains.

Poloniex Hacker Launders 1,120 ETH

According to data from Arkham Intelligence, the Poloniex hacker transferred 100 ETH in 11 batches to Tornado Cash, brining to the total to 1,100 ETH (worth around $3.37 million), and another two more of 10 ETH (valued at approximately $61,400) on May 7, all within four hours.

Apart from Ether, the Poloniex hacker previously transferred 501.62 BTC worth around $32 million on April 30 to an unknown Bitcoin address (bc1qt…xfekh).

The hackers portfolio currently holds assets worth $181.3 million, which include Ether, TRX, Bitcoin (BTC), BTCT, and Floki, with Ether being their largest holding of 25,563 ETH worth $78.6 million.

In November 2023, Poloniex lost $125 million in crypto assets to a hacker, with over 175 different tokens stolen from the exchanges hot wallet.

Following the attack, Poloniex owner Justin Sun promised full reimbursement of affected funds and also offered a 5% bounty to the hacker if they returned 95% of the stolen funds within seven days.

Blockchain security firm PeckShield revealed in March that hackers behind the HECO Bridge exploit, which also happened in November 2023, transferred over 40,391 ETH ($145.7 million) to Tornado Cash.

Tornado Cash Still Being Used by Rogue Actors

The latest development indicates that cybercriminals still use Tornado Cash, an anonymizing tool that enables users to obfuscate transaction trails, despite being sanctioned by the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) in August 2022.

According to the US Treasury, the crypto mixer was used by cybercriminals such as North Koreas Lazarus Group to launder stolen funds.

Following the OFAC sanctions, developers behind Tornado Cash are facing allegations of money laundering and sanctions violations.

Alexey Pertsev, one of the developers arrested in the Netherlands in August 2022, was accused by Dutch prosecutors of laundering crypto worth $1.2 billion through the mixer.

Roman Storm pleaded not guilty in the United States to laundering over $1 billion in stolen crypto funds along with other allegations, while a third developer, Roman Semenov who was added to OFACs sanctions list, remains at large.