Hundred Finance Hacker Transfers Stolen Funds After A Year Of Inactivity

Author: CoinSense

The Hundred Finance hacker, responsible for the $7.4 million crypto theft, resurfaced on May 1 after a year of inactivity and started moving crypto assets from Curve’s decentralized exchange.

Etherscan data revealed that a year ago, the hacker withdrew ETH and USDT worth about $800,000 that had previously served as liquidity on Curve.

Hundred Finance Hacker Generates $1M Profit

Following the withdrawal, the culprit converted the USDT and smaller amounts of altcoins, including PAXG and DAI, into Ethereum. These transactions increased the hacker’s Ether holdings by over $1 million.

As a result, the hacker now holds a total of $6.48 million worth of crypto assets, including $4.39 million worth of Ether, $1.24 million DAI, $426,000 of Wrapped Ether, $412,000 of FRAX, and smaller amounts of Wrapped Bitcoin.

Hundred Finance, a project on the Optimism blockchain, suffered a security breach in 2023, losing $7.4 million in assets.

According to PeckShield, a popular on-chain security firm, the criminal inflated the exchange rate for hWBTC by donating 200 WBTC. With a tiny amount of hWBTC, they managed to drain Hundred Finance’s lending pools. The exploit was analyzed as a combination of flash loans, a critical rounding error, and smart contract manipulation.

The movement of funds from the Hundred Finance attack mirrors a recent report on a similar incident. Earlier this week, CryptoNews reported that the attacker behind the Poloniex security breach had transferred the funds after months of dormancy.

The hacker stole assets worth $33M from the exchange in 2023. A few days ago, they transferred 501 BTC (approximately $32M) to three new wallet addresses to hide the assets’ origin.

Crackdown on Crypto Mixer Adds Pressure on Cybercriminals

Many analysts believe it might be difficult for the Hundred Finance hacker to conceal the assets’ origin or convert them to fiat without a trace.

To succeed in either of these, the perpetrator has to break the traceability chain that links the funds to the hacked wallet before cashing them out – which, it seems, is a tall order. Typically, crypto mixer services like Samourai Wallet or Tornado Cash – where his exploit originated – would have provided a convenient cover to launder the funds. However, with US regulators breathing down their necks, these services are no longer a viable option for criminals.

Last week, the founders of Samourai Wallet were arrested and charged by the US Department of Justice (DOJ) over the alleged laundering of $100 million from an illicit market and helping criminals to launder $1.7B.

This comes after Tornado Cash’s co-founders, Roman Storm and Roman Semenov, were indicted for allegedly enabling more than $1 billion in money laundering through their platform.

Meanwhile, global regulators are tightening the screws on crypto users who hide their transaction histories. The European Parliament voted to ban crypto mixers on April 24, 2024, as part of new anti-money laundering regulations.