ETH stolen by Deribit hackers moved to Tornado Cash

SNEAK PEEK

  • An anonymous exploiter uses Tornado Cash to transfer stolen funds after the $28 million Deribit theft.
  • According to data from the Ethereum block explorer Etherscan, the Deribit hot wallet hacker has moved a total of 1,610 ether.
  • 17 transactions were used to move the funds, with the first one occurring on November 5—just a few days after Deribit was compromised.

Following the $28 million Deribit theft, an unidentified exploiter transfers stolen money via Tornado Cash, a decentralized cryptocurrency mixer.

Based on information from the Ethereum block explorer Etherscan, the Deribit hot wallet hacker has transferred a total of 1,610 Ether, or about $2.5 million, to Tornado Cash.

The money was transferred through 17 transactions, with the first one taking place on November 5—just a few days after Deribit was hacked. Only a tiny portion of the stolen ETH has been transferred to Tornado Cash from the hacker’s address, which now has a balance of 7,501 ETH ($11.8 million). The hacker first sent 9,080 ETH to that address on November 2.

Deribit, the cryptocurrency futures and options exchange, suffered a security compromise. The hackers took more than $28 million from the exchange’s hot wallet.

Exchanges typically use hot wallets to handle withdrawal requests immediately. These wallets are particularly hazardous because the private keys are kept on the company’s servers to sign withdrawal transactions.

On November 5, the blockchain analytics tool PeckShield published a report on the outgoing transactions to Tornado Cash. At that time, a little under $350,000 had been moved out of the hacker’s ETH wallet.

Deribit formally disclosed that on Nov. 2, a hot wallet hack on its network resulted in the loss of $28 million in several cryptocurrencies, including BTC, ETH, and USD Coin.

Following the attack, the exchange had to cease all withdrawals to ensure sufficient security while committing to pay for all losses.

On Nov. 2, the company resumed routine withdrawals for BTC, ETH, and USDC after transferring all hot wallets to the Fireblocks platform for digital asset protection. Deribit emphasized that consumers should use the new Fireblocks deposit addresses rather than sending money to their old BTC, ETH, and USDC addresses.

The news comes amid lingering ambiguity around Tornado Cash and other cryptocurrency mixers following restrictions imposed by US regulators on the mixer.