Cork Protocol Hacker Launders $11 Million, Donates to Tornado Cash Defense

The attacker(s) that exploited the Cork Protocol for millions earlier this year has resurfaced to launder their loot and make a surprise donation. On Wednesday, June 25, blockchain security firm PeckShield Alert flagged renewed activity from wallet addresses tied to exploiters of the decentralized finance platform Cork Protocol. The movements marked the first recorded from the hacker since draining roughly $12 million from the protocol in May.

The first transaction saw 1,410 ETH, worth around $3.2 million, sent to Tornado Cash, the infamous crypto mixing service commonly used by cyber attackers to obscure transaction trails. Shortly after, the attacker transferred an additional 3,110 ETH, bringing the total laundered to 4,520 ETH, approximately $11 million at current prices. In a surprising twist, the attacker also sent a 10 ETH donation to a Juicebox campaign raising funds for the legal defense of Tornado Cash developers, Alexey Pertsev and Roman Storm.

While the reason for the donation remains unclear, it comes as the developers face legal charges for the use of the mixer by cybercriminals and sanctioned entities. The platform has continued to be a go-to tool for laundering stolen crypto assets, especially in high-profile exploits. The Cork Protocol attacker’s latest movements further complicate the platform’s ongoing efforts to recover the stolen funds. In a statement released earlier this month, Cork Protocol reassured users that it is still working toward asset recovery, but the transfer of funds to Tornado Cash may now further hinder those efforts.

The attack on Cork Protocol took place on May 28 around 11:39 UTC and targeted the platform’s wstETH:weETH market, leading to a loss of approximately 3,761 wrapped staked ETH (wstETH). According to the Cork team, the attacker exploited two advanced loopholes in the protocol’s code to pull off the hack, and deployed a malicious hook that bypassed usual validation checks. Upon draining the funds, decentralized exchange aggregator 1inch was used to swap the assets, making them harder to trace or recover.

Cork Protocol says it continues to work closely with security partners to address the fallout and tighten security measures to guard against similar attacks in the future. The use of Tornado Cash in this incident highlights the ongoing debate surrounding privacy and regulation in the cryptocurrency space. While privacy tools like Tornado Cash are designed to protect users' financial privacy, they can also be exploited by malicious actors to launder stolen funds. This incident underscores the need for a balanced approach to regulation that protects users' privacy while also preventing illicit activities.

The donation to the legal defense fund raises questions about the motivations behind the exploiter's actions. It is unclear whether the donation was made out of a sense of guilt, a desire to support the development of privacy tools, or as a means to deflect attention from the exploit. Regardless of the motive, the donation has sparked a conversation about the ethical implications of supporting open-source development in the face of regulatory scrutiny. The incident serves as a reminder of the risks associated with DeFi platforms and the importance of implementing robust security measures. As the DeFi ecosystem continues to grow, it is crucial for developers to prioritize security and transparency to build trust with users and regulators alike. The Cork Protocol exploit and the subsequent donation to the Tornado Cash legal defense fund highlight the complex interplay between privacy, regulation, and ethics in the cryptocurrency space.