TempleDAO Exploiter Moves Ether Worth Over $2.5M to Tornado Cash

The attacker behind last week’s exploit of decentralized finance (DeFi) protocol TempleDAO has moved the entirety of the illicitly-gained process to privacy mixer Tornado Cash over several transactions in the past 24 hours.

Temple DAO, which allows its users to earn yields on their crypto holdings, was one of the several protocols hacked in a single day last week, in a month that’s now slated to become the worse for crypto hacks.

Addresses connected to the exploiter tagged as “TempleDAO Exploiter” on the blockchain scanning tool Etherscan show the stolen funds were transferred over the weekend to wallet address 0x2b63d4a3b2db8acbb2671ea7b16993077f1db5a0.

In late Asian hours on Sunday, these funds were moved to Tornado Cash in batches of 100 ether each. The attacker was ultimately able to move 1921 ether through 21 different transactions, data shows.

Tornado Cash, which has been sanctioned by the U.S. government, enhances the privacy of transactions by breaking the on-chain link between a source and a destination address. This allows exploiters and hackers to mask their addresses while withdrawing illicitly gained funds.

Blockchain security company BlockSec said last week that the root cause of the attack was “insufficient access to control to the migrateStake function” on smart contracts related to TempleDAO.

That function automatically distributes yield rewards to a users’ wallet in case of a contract migration.