The cybercriminal who previously hacked the Cork Protocol has become active again. Now, he is laundering stolen funds and making donations.
Return of the Attacker and Money Laundering
On June 25, blockchain security firm PeckShield Alert flagged renewed activity from wallet addresses tied to the exploiters of the Cork Protocol. These movements marked the first recorded from the hacker since draining roughly $12 million from the protocol in May. The first transaction saw 1,410 ETH, worth around $3.2 million, sent to Tornado Cash, the crypto mixing service. Shortly after, the attacker transferred an additional 3,110 ETH, bringing the total laundered to 4,520 ETH, approximately $11 million at current prices.
Unexpected Assistance for Tornado Cash Developers
In a surprising twist, the attacker also sent a 10 ETH donation to a Juicebox campaign raising funds for the legal defense of Tornado Cash developers, Alexey Pertsev and Roman Storm. While the reason for the donation remains unclear, it comes as the developers face legal charges related to the use of their platform by cybercriminals.
Details of the Attack on Cork Protocol
The attack on Cork Protocol took place on May 28 and targeted the wstETH:weETH market, leading to a loss of approximately 3,761 wrapped staked ETH. According to Cork, the attacker exploited two sophisticated loopholes in the protocol’s code and deployed a malicious hook that bypassed usual validation checks. After draining the funds, decentralized exchange aggregator 1inch was used to swap the assets, complicating traceability and recovery efforts.
The activities of the Cork Protocol attacker further complicate the platform's ongoing recovery efforts. Despite the continued efforts to recover the stolen assets, the transfer of funds to Tornado Cash may hinder those initiatives.
