$282M Hack Update: $63M Laundered via Tornado Cash
CertiK Pulse flags $63M moving to Tornado Cash as the perpetrator of the Jan 10 whale hack begins active laundering.
A wallet connected to the massive $282 million theft from January 10 has begun aggressively laundering funds. On-chain security firm CertiK Pulse detected the movement of approximately $63 million into Tornado Cash early Monday, signaling a shift from dormancy to active obfuscation.
The Laundering Trail
According to CertiK’s real-time monitoring, the attacker moved funds to an intermediary address (0xF73a...cc21) before routing them into the sanctioned privacy protocol. The batch included at least 800 ETH (approx. $2.5M), though the total value flagged in this specific tranche hit $63 million. This follows the initial exploitation vector where a whale was socially engineered into revealing seed phrases for a hardware wallet, resulting in the loss of Bitcoin and Litecoin.
The movement of roughly $63M from a wallet tied to a $282M theft into Tornado Cash is a notable laundering milestone.
Compliance Red Flags
The usage of Tornado Cash, despite US Treasury sanctions, confirms that decentralized mixers remain the primary liquidity exit for high-value exploits. While the initial theft utilized Monero and THORChain to break cross-chain links, the pivot to Ethereum-based mixing suggests the attacker is prioritizing liquidity depth over perfect privacy. ETH traded flat at $3,200 following the news, indicating the market had likely priced in the sell-pressure risk.
This event marks the largest individual laundering operation of 2026 so far, complicating recovery efforts for law enforcement agencies already tracking the initial $282 million drainage.
