In a significant development following a major DeFi exploit, the hacker responsible for the January 2025 breach of Aperture Finance has laundered a substantial portion of the stolen funds. Blockchain security firm PeckShield confirmed on February 15, 2025, that the attacker moved 1,242.7 ETH, worth approximately $2.4 million, into the sanctioned cryptocurrency mixer Tornado Cash.
The funds represent the majority of the $3.67 million looted from Aperture Finance's smart contracts on January 25, 2025. The initial exploit targeted vulnerabilities in the platform's V3 and V4 contract iterations, where a logic flaw allowed the attacker to manipulate price oracles and liquidation mechanisms to drain multiple liquidity pools.
This laundering phase is a critical step in the attack lifecycle: it is meant to obscure the trail of the stolen Ethereum and prepare it for eventual conversion to fiat or use on less-monitored platforms. The use of Tornado Cash is particularly notable because the mixer was sanctioned by the U.S. Office of Foreign Assets Control (OFAC) in August 2022 over its use by malicious actors such as the North Korean Lazarus Group.
Following the hack, the Aperture Finance team issued an emergency notice, urging users to revoke token and NFT approvals linked to the compromised contract addresses to prevent further unauthorized asset movements. The incident has sparked renewed concerns about DeFi security, the sophistication of modern exploits, and the practical challenges regulators face in policing decentralized laundering tools in the crypto ecosystem.