CertiK Warns of $2.3 Million Crypto Hack, Stolen USDT Laundered Through Tornado Cash

Blockchain security firm CertiK has issued a critical warning following the detection of a significant on-chain security breach that resulted in the theft of approximately $2.3 million in digital assets. The incident, tracked by CertiK's Skylens monitoring system, involved two compromised wallets.

The attack unfolded with one wallet sending roughly $1.8 million and a second wallet sending about $506,000 to the same unknown, malicious address. Following the theft, the attacker quickly converted the stolen funds—which were in the USDT stablecoin—into 757.6 Ether (ETH) and funneled the entire amount through the privacy mixer Tornado Cash. This laundering process, involving multiple transactions of varying sizes (including 10 ETH and 100 ETH transfers), was completed within minutes, a hallmark of a coordinated attack designed to obfuscate the trail of stolen funds.

An unusual aspect of this case is that data from CertiK shows both victim wallets subsequently sent an on-chain message to the attacker's address, inquiring about the possibility of negotiation. This action strongly indicates the transfers were not authorized transactions but the result of a security compromise, such as stolen private keys, phishing, or malicious approvals.

The incident serves as a stark reminder of persistent wallet security vulnerabilities, even in the absence of smart contract exploits. It also highlights how privacy tools like Tornado Cash can be exploited by criminals to rapidly launder stolen assets, complicating recovery efforts. While experts are monitoring the flagged wallet addresses, the likelihood of recovering the funds is considered low.