


The hacker behind a $9.6 million exploit on decentralized finance (DeFi) protocol ResupplyFi has deposited 1,607 ETH (approximately $6.5 million) into Tornado Cash, a privacy-focused cryptocurrency mixer, according to blockchain monitoring platforms PeckShield and Paidun[1]. The funds originated from a June 2025 price manipulation attack on ResupplyFi’s wstUSR market, which exploited vulnerabilities in the protocol’s synthetic stablecoin integration. The attacker leveraged flash loans to artificially inflate the value of wstUSR, enabling the unauthorized withdrawal of $10 million in reUSD with minimal collateral[2].
The movement of stolen assets into Tornado Cash highlights the ongoing challenges in tracing illicit crypto transactions. Tornado Cash, a decentralized protocol using zero-knowledge proofs to obscure transaction trails, allows users to deposit funds and withdraw them to a new address, severing the on-chain link between sender and receiver[3]. The platform, which faced U.S. sanctions in 2022 under Executive Order 13694 for allegedly facilitating money laundering, was delisted by the Treasury Department in March 2025 after a Fifth Circuit Court ruling deemed its smart contracts non-sanctionable under the International Emergency Economic Powers Act[4]. This legal shift has reignited debates over the regulation of decentralized tools, with critics arguing that sanctions on code itself risk stifling innovation while proponents stress the need for accountability in combating illicit finance.
Security firms noted that the ResupplyFi exploit exploited weak mechanisms, a recurring vulnerability in DeFi protocols. Cyvers, which analyzed the attack, stated the hacker manipulated internal token valuations to siphon funds, bypassing insolvency checks[5]. The stolen assets were initially swapped to ETH and distributed across two addresses before being funneled into Tornado Cash. PeckShield reported that the attacker’s main wallet still holds a portion of the proceeds, though the use of the mixer complicates further tracking[6].
ResupplyFi paused affected smart contracts and acknowledged the breach, stating that only its wstUSR market was compromised. The protocol has yet to release a full post-mortem but emphasized that other markets remain secure[7]. The incident adds to a growing tally of 2025 crypto hacks, with CertiK reporting over $2.1 billion in losses year-to-date, driven by tactics like social engineering and supply chain attacks[8]. Analysts warn that DeFi protocols reliant on synthetic assets and oracle-dependent mechanisms remain particularly vulnerable, urging stronger input validation and real-time anomaly monitoring to mitigate risks[9].
The ResupplyFi case underscores the tension between privacy and regulatory oversight in the crypto space. While Tornado Cash’s delisting has been hailed as a win for open-source developers, regulators continue to target individual actors exploiting decentralized platforms. The U.S. Department of Justice has separately indicted Tornado Cash co-founders Roman Storm and Roman Semenov for their alleged roles in laundering over $1 billion in stolen funds[10]. As the legal landscape evolves, the balance between financial privacy and compliance remains a contentious issue, with implications for the future of decentralized finance.