On July 4, 2026, on-chain analytics revealed two significant movements of Ethereum into the sanctioned privacy mixer Tornado Cash, totaling over $31.8 million in ETH. The first transaction was directly linked to the recent UXLINK exploit, while the second involved a coordinated set of six wallets.
Onchain Lens reported that the hacker behind the UXLINK breach used 10.54 million DAI to purchase 6,001 ETH at an average price of $1,757 per coin. The acquired ETH was then immediately transferred to Tornado Cash, a decentralized protocol known for obfuscating transaction trails. This move represents a critical phase in laundering the stolen assets, as mixers break the on-chain link between source and destination addresses, making recovery extremely difficult.
Just hours later, an on-chain analyst flagged six separate Ethereum addresses that collectively acquired 12,128 ETH and sent the entire amount to Tornado Cash. The addresses included 0x910cbd…39dbf and 0xa160cd…f291, among others. The use of multiple wallets suggests a deliberate attempt to avoid triggering monitoring thresholds before consolidating the funds into the mixer. While no direct link to the UXLINK incident has been confirmed, the proximity in timing and the choice of destination point to a broader trend of illicit actors utilizing privacy tools.
Tornado Cash has been under U.S. Treasury sanctions since 2022 for its role in laundering proceeds from cybercrimes. The movement of such large sums into the mixer reinforces concerns about the security of decentralized finance platforms and the ongoing challenge regulators face in tracing digital assets. UXLINK, a cross-chain infrastructure project, suffered a major exploit that compromised user funds; the exact amount stolen is still under investigation. As the crypto industry matures, these incidents highlight the need for rigorous smart contract audits and user vigilance.