A Nomad Bridge exploiter-labeled address has transferred 14,500 Ether, worth approximately $35.2 million, to Tornado Cash, a popular cryptocurrency mixing service.
According to an X post by PeckshiedAlert, funds linked to the August 2022 Nomad Bridge hack were transferred on Aug. 8.
However, the transfer of 14,500 Ether follows another transaction on Aug. 5, when 16,892 ETH was bought using stolen funds linked to Nomad Bridge.
The Aug. 5 purchase occurred during a dramatic drop in Ether’s price, falling over 20% from around $2,760 to $2,172 in less than 12 hours during a broader market slump.
The role of Tornado Cash
Tornado Cash is a decentralized, non-custodial privacy solution on the Ethereum blockchain that uses zero-knowledge proofs to break the onchain link between the source and destination of funds. While the service is designed to provide privacy for legitimate users, it has also become a tool for cybercriminals looking to launder stolen cryptocurrencies.
The case of the Nomad Bridge exploiter is not isolated. Recently, the hacker behind the Rain crypto exchange attack also began laundering stolen Ether through Tornado Cash.
Regulatory and legal responses
The persistent use of Tornado Cash by malicious actors has not gone unnoticed by regulators. In 2022, the United States Treasury Department blacklisted Tornado Cash, leading to significant scrutiny and legal actions against its developers.
A report from the Federal Reserve Bank of New York on the impact of sanctions on Tornado Cash concluded that sanctions are generally effective even in decentralized finance. The report, however, highlighted the “fragility” of the Ethereum network’s resistance to censorship and its cooperation with regulatory measures.
Tornado Cash remains operational, experiencing a notable uptick in usage even as it faces sanctions. Meanwhile, the legal situation has shifted, with Tornado Cash developer Alexey Pertsev convicted of money laundering in the Netherlands in May.
In a related development, the US Department of Justice has charged Tornado Cash developers Roman Storm and Roman Semenov with conspiracy to commit money laundering, sanctions violations and operating an unlicensed money-transmitting business.
As the crypto industry evolves, finding a balance between privacy and security remains difficult. Hackers’ use of mixing services like Tornado Cash not only jeopardizes the security of digital assets but may also threaten trust and stability in the broader cryptocurrency ecosystem.