- Funds stolen in the 2022 Voltage Finance exploit were recently moved to Tornado Cash after months of inactivity.
- The initial attack drained $4.67 million by exploiting a vulnerability in an ERC677 token on the platform.
- Voltage Finance suffered a second hack in March 2024, with $322,000 stolen from its Simple Staking pools.
A Hacker linked to the 2022 theft of $4.67 million from Voltage Finance, a decentralized finance lending platform, has transferred a portion of the stolen cryptocurrency to Tornado Cash, according to blockchain security firm CertiK. The new development comes after the hacker’s address had been inactive for over five months, as shown by data from Etherscan.
On May 6, CertiK stated that 100 Ether ($182,783) was moved from an address associated with the Voltage Finance exploit and deposited into Tornado Cash, a service that obscures the origins of cryptocurrency transactions. The exploit, which happened in March 2022, targeted a vulnerability in the ERC677 standard—a type of Ethereum-compatible token—by leveraging a built-in callback function that allowed a “reentrancy attack” to drain lending pool funds.
After the 2022 attack, Voltage Finance reported the hacker had taken several stablecoins and cryptocurrencies, including USDC, BUSD, wrapped Bitcoin (WBTC), and Ether. The protocol flagged the attacker’s address on Etherscan and asked cryptocurrency exchanges to block further transactions in an effort to recover the assets. The company also tried to negotiate a bounty for the return of the stolen funds, according to their postmortem report.
The attacker’s activity remained dormant until recently, with the last outgoing transaction recorded 166 days prior, according to Etherscan data. Attempts to communicate with the attacker and recover the funds by offering a bounty were unsuccessful.
Voltage Finance experienced another breach on March 18, 2024, when its Simple Staking pools were compromised and $322,000 was stolen, the platform announced in a statement. In a March 20 postmortem, Voltage Finance revealed that it had identified a developer who may have been involved in the incident, revoked the individual’s access, and reported it to authorities. “While we haven’t confirmed if he is the hacker, as a precaution, we revoked his access immediately and filed police reports to collaborate with law enforcement and centralized exchanges,” the team stated.
According to related reporting, overall crypto-related losses in April surged 1,163%, largely due to a separate $330.7 million Bitcoin theft. However, the month also saw over $18 million returned to victims, including a full return of $7.5 million after a decentralized exchange hack and partial recovery of $5 million by the ZKsync Association.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Canaan Stock Soars on Benchmark Buy Rating, Eyes 5x Upside
- CFTC Seeks to Drop Appeal, Opening Door for Kalshi Election Bets
- Radix Opens May 9–19 Consultation on 2.4B XRD Reserve Proposal
- Traders Make $99.6M on Melania Trump’s Memecoin Just Before Launch
- Bitcoin Devs Clash Over Corporate Push to Remove OP_RETURN Limit
