In a significant development for blockchain security, the perpetrator behind the massive 2022 Mixin Network exploit has broken nearly two years of dormancy. According to data from blockchain intelligence firm Lookonchain and analytics platform Arkham, the hacker initiated a major sell-off of stolen Ethereum, moving over $4 million through the sanctioned privacy protocol Tornado Cash.
The activity began approximately 15 hours before initial reports. The hacker first transferred 2,005 ETH (worth roughly $3.85 million) directly into Tornado Cash. Subsequently, a slightly larger amount of 2,087 ETH ($4.03 million) emerged from the mixer into three newly created wallets, where the entire haul was sold at an average price of $1,933 per ETH.
This event revives one of cryptocurrency's largest unsolved security breaches. The original September 2022 attack on the Hong Kong-based decentralized cross-chain protocol Mixin Network resulted in a loss of approximately $200 million in user assets. The hacker's known wallet still holds a vast portfolio, including 57,849 ETH (~$113.4 million) and 891 BTC (~$59.7 million).
Security experts suggest the timing may be strategic, coinciding with a recovered market and higher Ethereum prices, providing a favorable environment to liquidate assets. The use of Tornado Cash—sanctioned by the U.S. Treasury's OFAC in August 2022—highlights the ongoing regulatory challenges posed by decentralized privacy tools. The move could also be a test by the hacker to probe law enforcement and surveillance firm responsiveness before attempting larger transactions.
While the direct market impact of selling 2,087 ETH is minimal against Ethereum's daily trading volume, the event serves as a stark reminder of significant, unrecouped losses and the persistent threat of dormant stolen funds. It underscores the complex, international effort required for crypto asset recovery, involving firms like Chainalysis and TRM Labs working with global law enforcement.