PANews reported on May 5th that, according to on-chain analyst Specter, attackers using the Wasabi protocol have transferred all stolen funds to Tornado Cash, completing a centralized coin mixing operation for approximately $5.9 million in assets.
On-chain analysis shows that the attacker and a suspected North Korea-linked (DPRK) hacking group have been using Tornado Cash to launder stolen funds from companies including KelpDAO and LayerZero, exhibiting a complex, multi-stage money-laundering process. Typical laundering paths include:
- Funds are first mixed in Wasabi Mixer.
- After withdrawal, funds flow back to Ethereum via a cross-chain transfer.
- Funds re-enter Tornado Cash for a deep mix.
- Funds are withdrawn to a new wallet and distributed to multiple addresses.
- The new wallet deploys tokens and drives liquidity.
- Funds are used to buy and withdraw liquidity.
- The assets are then transferred cross-chain to the Tron (USDT) system.
- Funds flow to OTC-linked wallets after a brief stay.
On-chain security analysis indicates that this pattern has become a template for laundering the proceeds of recent high-frequency attacks, exhibiting a combined structure of "coin mixing + cross-chain + tokenization + OTC exit". Industry security personnel warn that this type of attack has shifted from simple theft to a systematic, engineered money-laundering path, significantly increasing the difficulty of tracking.
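For tracing teams, the staged path above can be matched against a labelled transfer history. The following is an added example, not code from Specter's or PANews's analysis. The event labels, tuple layout and sample traces are constructed, and an upstream step that labels raw transfers is assumed.

```python
# Added example: stage labels and sample traces are constructed for illustration.
# Ordered stages of the laundering path, each mapped to a phase of the
# "coin mixing + cross-chain + tokenization + OTC exit" structure.
TEMPLATE = [
    ("mixer:wasabi", "mixing"),
    ("bridge:ethereum", "cross-chain"),
    ("mixer:tornado", "mixing"),
    ("fan_out", "distribution"),
    ("token_deploy", "tokenization"),
    ("liquidity_withdraw", "tokenization"),
    ("bridge:tron", "cross-chain"),
    ("otc_transfer", "otc-exit"),
]
REQUIRED = {"mixing", "cross-chain", "tokenization", "otc-exit"}

def match_template(events):
    """Longest in-order match of (timestamp, kind) events against TEMPLATE."""
    kinds = [kind for _, kind in sorted(events)]
    n, m = len(kinds), len(TEMPLATE)
    # dp[i][j] = longest common subsequence of kinds[i:] and TEMPLATE[j:]
    dp = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n - 1, -1, -1):
        for j in range(m - 1, -1, -1):
            if kinds[i] == TEMPLATE[j][0]:
                dp[i][j] = 1 + dp[i + 1][j + 1]
            else:
                dp[i][j] = max(dp[i + 1][j], dp[i][j + 1])
    hit, i, j = [], 0, 0
    while i < n and j < m:  # walk the table to recover the matched stages
        if kinds[i] == TEMPLATE[j][0]:
            hit.append(j); i += 1; j += 1
        elif dp[i + 1][j] >= dp[i][j + 1]:
            i += 1  # unrelated or out-of-order event: skip it
        else:
            j += 1  # stage not observed: skip it
    phases = {TEMPLATE[k][1] for k in hit}
    return {"stages": [TEMPLATE[k][0] for k in hit], "score": len(hit) / m,
            "phases": phases, "alert": REQUIRED <= phases}

# Constructed trace: full path with noise and an earlier, unrelated OTC transfer.
FULL = [(1, "otc_transfer"), (2, "mixer:wasabi"), (3, "bridge:ethereum"),
        (4, "mixer:tornado"), (5, "transfer"), (6, "fan_out"),
        (7, "token_deploy"), (8, "liquidity_withdraw"), (9, "bridge:tron"),
        (10, "otc_transfer")]
# Constructed trace: only a mixer hop and a bridge hop, which should not alert.
PARTIAL = [(1, "mixer:tornado"), (2, "transfer"), (3, "bridge:tron")]

if __name__ == "__main__":
    for name, trace in (("FULL", FULL), ("PARTIAL", PARTIAL)):
        print(name, match_template(trace))
```

The subsequence match tolerates unrelated transfers between stages and missing stages, and alerts only when all four phases appear in order.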




