Voltage Finance Exploiter Moves Dormant Ether to Tornado Cash

Hacker Behind $4.67M Voltage Finance Exploit Moves Stolen Funds to Tornado Cash After Months of Inactivity

  • Funds stolen in the 2022 Voltage Finance exploit were recently moved to Tornado Cash after months of inactivity.
  • The initial attack drained $4.67 million by exploiting a vulnerability in an ERC677 token on the platform.
  • Voltage Finance suffered a second hack in March 2024, with $322,000 stolen from its Simple Staking pools.

A Hacker linked to the 2022 theft of $4.67 million from Voltage Finance, a decentralized finance lending platform, has transferred a portion of the stolen cryptocurrency to Tornado Cash, according to blockchain security firm CertiK. The new development comes after the hacker’s address had been inactive for over five months, as shown by data from Etherscan.

- Advertisement -

On May 6, CertiK stated that 100 Ether ($182,783) was moved from an address associated with the Voltage Finance exploit and deposited into Tornado Cash, a service that obscures the origins of cryptocurrency transactions. The exploit, which happened in March 2022, targeted a vulnerability in the ERC677 standard—a type of Ethereum-compatible token—by leveraging a built-in callback function that allowed a “reentrancy attack” to drain lending pool funds.

After the 2022 attack, Voltage Finance reported the hacker had taken several stablecoins and cryptocurrencies, including USDC, BUSD, wrapped Bitcoin (WBTC), and Ether. The protocol flagged the attacker’s address on Etherscan and asked cryptocurrency exchanges to block further transactions in an effort to recover the assets. The company also tried to negotiate a bounty for the return of the stolen funds, according to their postmortem report.

The attacker’s activity remained dormant until recently, with the last outgoing transaction recorded 166 days prior, according to Etherscan data. Attempts to communicate with the attacker and recover the funds by offering a bounty were unsuccessful.

Voltage Finance experienced another breach on March 18, 2024, when its Simple Staking pools were compromised and $322,000 was stolen, the platform announced in a statement. In a March 20 postmortem, Voltage Finance revealed that it had identified a developer who may have been involved in the incident, revoked the individual’s access, and reported it to authorities. “While we haven’t confirmed if he is the hacker, as a precaution, we revoked his access immediately and filed police reports to collaborate with law enforcement and centralized exchanges,” the team stated.

According to related reporting, overall crypto-related losses in April surged 1,163%, largely due to a separate $330.7 million Bitcoin theft. However, the month also saw over $18 million returned to victims, including a full return of $7.5 million after a decentralized exchange hack and partial recovery of $5 million by the ZKsync Association.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest News

Maine Attorney General Recovers Thousands in Crypto Scam Case

The Maine Attorney General's Office has recovered thousands of dollars for a victim of...

Coinbase Shares Hit Highest Level Since 2021 Nasdaq Debut

Coinbase stock reached its highest price since its 2021 listing, nearly returning to debut...

BPX Gains FCA Nod to Trade Tokenized Securities in the UK

BPX, a startup focused on trading tokenized securities, received several authorizations from the UK’s...

Shopify, Coinbase Launch USDC Payments; Mastercard Expands Crypto Access

Shopify and Coinbase allow merchants to accept USDC stablecoin payments, making crypto transactions easier...

Coinbase Launches Wrapped ADA and LTC on Base, COIN Hits New High

Coinbase has introduced wrapped versions of Cardano (ADA) and Litecoin (LTC) on its Ethereum...

Must Read

What Is Binance Earn?

As someone who is passionate about cryptocurrency, I am always on the lookout for new opportunities to grow my portfolio. That's why I was...