• Hacker Protocol drained 1,337 ETH via compromised Unleash multisig governance.
• The stolen funds have been sent through Tornado Cash to obscure transaction trails.
• The breach is limited to Unleash, and Story Protocol infrastructure is unaffected.

A hacker who recently exploited Unleash Protocol has begun laundering stolen funds through the Ethereum-based privacy service Tornado Cash, according to on-chain data and blockchain security firms.

The attacker is attempting to obscure the trail of roughly 1,337 ETH, valued at close to $4 million, drained from Unleash earlier this week.

Security companies PeckShield and CertiK have reported that the funds were transferred to Ethereum and broken into multiple batches, often around 100 ETH each, before being deposited into Tornado Cash, a well-known crypto mixing protocol.

Governance takeover led to the Unleash exploit

Unleash confirmed on Tuesday that it had suffered a significant security breach, resulting in approximately $3.9 million in losses.

The protocol has paused operations and launched a forensic investigation into the incident.

According to Unleash, preliminary findings indicate that an externally owned wallet gained unauthorised administrative control over the protocol via its multisignature (multisig) governance system.

The attacker then executed an unauthorised contract upgrade that enabled withdrawals of user funds without proper approvals.

“This upgrade enabled asset withdrawals that were not approved by the Unleash team and occurred outside our intended governance and operational procedures,” the team said in a statement posted on X.

Security analysts suggest the compromise may have been the result of phishing or another form of social engineering that allowed the attacker to gain control over governance keys, effectively bypassing standard safeguards.

The stolen assets bridged and mixed

The stolen assets reportedly included Wrapped IP (WIP), USDC, Wrapped Ether (WETH), stIP, and vIP tokens.

On-chain analysis shows that most of these assets were first bridged to Ethereum, then consolidated into ETH and routed through Tornado Cash, an approach commonly used by hackers to hinder tracking and recovery efforts.

CertiK said it initially detected suspicious withdrawals of WETH and IP-related tokens that were sent to an externally owned address created using Safe’s SafeProxyFactory, a popular smart contract framework for multisig wallets.

#CertiKInsight

We have detected deposits of 1337.1 ETH (~$3.9M) into Tornado Cash from 0xc946981F5dFBFA10cf858B95d51Fc06DCD15BfE3.

The fund traces to suspicious withdrawals of Wrapped ETH and Story tokens from a multisig that may have been compromised.… pic.twitter.com/YIFEAEwilc

— CertiK Alert (@CertiKAlert) December 30, 2025

No broader ecosystem impact, says Unleash

Unleash emphasised that the breach was confined to its own governance and administrative contracts.

The Unleash team stated there is currently no evidence that Story Protocol, the Layer 1 blockchain Unleash is built on, was compromised.

“The impact appears limited to Unleash-specific contracts and administrative controls,” the Unleash team said, adding that Story Protocol’s validators, core infrastructure, and contracts remain unaffected.

Unleash is one of the higher-profile applications in the Story Protocol ecosystem, which focuses on tokenised intellectual property and on-chain IP management.

PIP Labs, the company behind Story Protocol, has raised around $140 million in funding from prominent investors.

Users warned as investigation continues

The Unleash team has urged users not to interact with the protocol while the investigation is ongoing and said it will provide updates on the incident and potential remediation measures as more verified information becomes available.

As of the time of writing, Unleash had not disclosed whether it plans to pursue fund recovery efforts or compensation for affected users, and the use of Tornado Cash by the hacker may significantly complicate any attempts to trace or reclaim the stolen assets.

In a recent development, North Korean hackers associated with the notorious Lazarus Group have exploited the coin-mixing service Tornado Cash to launder approximately $12 million worth of stolen Ethereum (ETH) within the past 24 hours. 

The incident follows the theft of $100 million in cryptocurrency from the HTX crypto exchange and its HECO Bridge in November 2023, attributed to the Lazarus Group by blockchain analytics firm Elliptic and other experts.

$100M Crypto Heist And Ethereum Laundering Uncovered

The Lazarus Group, a well-known cybercrime organization believed to be backed by the North Korean regime, has a long history of conducting high-profile hacking campaigns. 

According to Elliptic’s latest crypto crime report, in November 2023, the notorious Lazarus Group allegedly orchestrated a major heist targeting the HTX crypto exchange and its cross-chain bridge, resulting in the theft of $100 million in various cryptocurrencies, including Ethereum. 

Evidence gathered by Elliptic and other experts pointed to the involvement of the Lazarus Group based on the modus operandi and subsequent movement of the stolen funds.

The investigation further notes that, following their “usual pattern” of crypto-laundering, the hackers quickly converted the stolen tokens into Ethereum through decentralized exchanges (DEXs). 

These illicitly acquired Ethereum funds remained dormant until recently, on March 13, when the hackers began funneling them through Tornado Cash. Tornado Cash is a decentralized, smart contract-based mixer previously sanctioned by the US Treasury in August 2022 for its association with laundering $455 million from the Lazarus Group crypto hacks.

However, the decentralized nature of Tornado Cash’s operations has prevented it from being shut down like centralized mixers like Sinbad.io.

The Last Resort For Lazarus Group

According to the blockchain analytics firm, in response to the sanctions imposed on Tornado Cash, the Lazarus Group shifted its focus to using cross-chain bridges and the Bitcoin-based mixer Sinbad.io as an alternative. 

However, in November 2023, Sinbad.io itself was seized by US authorities, eliminating another commingling option for the hackers. As a result, the group appears to have returned to Tornado Cash, using its decentralized architecture and resistance to raids to launder funds at scale and obscure its transaction trail.

Ultimately, Elliptic suggests that the resurgence of the Lazarus Group’s reliance on Tornado Cash can be attributed to the “diminishing availability” of large-scale mixers due to law enforcement operations targeting services like Sinbad.io and Blender.io. 

With fewer viable alternatives, the group has capitalized on Tornado Cash’s continued operation despite sanctions, exploiting smart contracts’ security and decentralized nature on blockchain networks.

As of the time of writing, Ethereum is currently trading at $3,870. Earlier this week, it reached a two-year high of $4,084; however, it failed to sustain consolidation above this level. Consequently, over the past 24 hours, ETH has experienced a 2.5% decline in price.

Featured image from Shutterstock, chart from TradingView.com

Alexey Pertsev, the core developer of the crypto mixing platform, Tornado Cash has shared his first ever tweet since he was arrested and incarcerated in Amsterdam by the Dutch security forces. The arrest of the developer back in August last year sparked an uproar in the crypto ecosystem and the tweet shared might imply he has finally regained his freedom.

Sorry I was afk for a while, what did I miss?

— Alexey Pertsev (@alex_pertsev) April 28, 2023

With details of his release still unclear, it was hinted that Alexey was billed to regain his freedom earlier this month, an assurance that came following a series of failed attempts.

The United States Treasury Department’s Office of Foreign Assets and Control (OFAC) banned Tornado Cash last year when it linked the mixing tool to crime rings including the notorious North Korean Lazarus Group. The OFAC sanction at the time alleged that Alexey’s invention has been used to launder as much as $7 billion worth of cryptocurrencies.

Tornado Cash operates as a decentralized tool which obscures the identity of senders and receivers by mixing the deposited funds in a pool and sending it out in ways that makes it almost impossible to trace the parties involved in the transaction. Following the ban and subsequent arrest of the protocol and Alexey, the crypto ecosystem rose in solidarity and criticized the US regulators.

Most importantly, supporters of Alexey noted that sanctioning a piece of code is one thing, cracking down on the individual who created the code can legitimately sniff out innovation. Riding on these and more premises, OFAC and the US government were subsequently dragged to court.

Getting a New Lease of Life

Being incarcerated for his invention has earned Alexey a lot of nicknames in the industry with some seeing him as one of the martyrs of the disruptive financial innovation that blockchain is bringing on board.

The shared tweet was seeking to know what he missed and as an active developer in the industry, Alexey has a lot to catch up including the events bordering the Ethereum ecosystem following the Merge, the Shapella Upgrade and the more intense crackdown from regulators especially in the US.

Benjamin Godfrey is a blockchain enthusiast and journalists who relish writing about the real life applications of blockchain technology and innovations to drive general acceptance and worldwide integration of the emerging technology. His desires to educate people about cryptocurrencies inspires his contributions to renowned blockchain based media and sites. Benjamin Godfrey is a lover of sports and agriculture. Follow him on Twitter, Linkedin

The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.

We’ll keep discussing the Tornado Cash situation because this is a watershed moment for the cryptocurrency industry. Lines are being drawn. The future of privacy for cryptocurrency-related operations is at stake. One could even say that the future of the industry as a whole is at stake. Does the cryptocurrency industry has a future without basic privacy tools like Tornado Cash? 

In any case, the more time passes the less probable it is for the US and Netherlands governments to have a genuine reason for their bizarre behavior. Why did the US sanction a smart contract and not specific people or organizations? And why did the Netherlands then arrest an alleged Tornado Cash developer? Was it just because he wrote some code that others used or did they have a legitimate reason? All of those questions are still in play. The more time passes the more it looks that both governments just jumped the gun on this one.

It’s as the Coinbase-funded lawsuit says…

The Tornado Cash Lawsuit

Six people are legally challenging the OFAC sanctions on a smart contract like Tornado Cash, and Coinbase is backing the lawsuit. In a recent blog post announcing the move, Coinbase said that they support Treasury sanctioning “bad actors” and “unlawful behavior,” but in this case:

“Treasury went much further and took the unprecedented step of sanctioning an entire technology instead of specific individuals. The problem here is twofold: (1) there are legitimate applications for this type of technology and as a result of these sanctions, many innocent users now have their funds trapped and have lost access to a critical privacy tool, and (2) we believe the Treasury exceeded its authority, given by Congress, by sanctioning a technology.”

In a recent blog post by The Bitcoin Policy Institute, a banking insider explained the legitimate uses further. Notice that in this case, the banking insider is talking about the bitcoin network, but the explanation also extends to other blockchains.

“Bitcoin users who don’t want to share their entire transaction history or net worth when transacting with a merchant can use collaborative transaction tools to bring their financial privacy up to par with their other payment methods. These tools provide a similar service to what Visa provides its users today; they shield transactional details from both the counterparty to the transaction and from external observers.”

ETH price chart for 09/24/2022 on OkCoin | Source: ETH/USD on TradingView.com

Tornado Cash Returns To GitHub

The smart contract’s GitHub repository is back, albeit in “read-only” mode. This part of the story started when the OFAC published clarifications about the Tornado Cash sanctions, and said:

“U.S. persons would not be prohibited by U.S. sanctions regulations from copying the open-source code and making it available online for others to view, as well as discussing, teaching about, or including open-source code in written publications, such as textbooks, absent additional facts.”

It looks like everything is in “read only” mode, but that is progress from an outright ban. I still encourage @github to reverse all actions and return the repositories to their former status.

— prestonvanloon.eth (@preston_vanloon) September 22, 2022

Then, Ethereum Core developer Preston Vanloon saw an opportunity and wrote GitHub directly. “Please unban Tornado Cash code repositories now,” he tweeted and then quoted the OFAC clarifications. Days later, Vanloon himself announced that the Tornado Cash repository was back. He quickly reported a caveat, though. “It looks like everything is in “read only” mode, but that is progress from an outright ban. I still encourage GithHb to reverse all actions and return the repositories to their former status.”

Progress is progress.

Chainalysis And The Hole

The fact of the matter is people still need privacy and the Tornado Cash sanctions left “a hole” in the space. Ironically, Coin Telegraph interviewed Chainalysis’ country manager for Australia and New Zealand about it. Todd Lenfield told the publication: 

“If the liquidity isn’t there, you effectively dry up a lot of [a mixers] capability. The hunting for places where there is liquidity, when it’s highly visible after things like the OFAC sanctioning of Tornado Cash, I think makes a very interesting space to keep an eye on.”

Interesting, indeed.

Featured Image by SEBASTIEN MARTY from Pixabay | Charts by TradingView

The Tornado Cash situation is a riddle wrapped up in an enigma. Why did the OFAC sanction a piece of software? And why did Dutch authorities arrest a sole developer? Those are not the question we’ll answer today. The OFAC updated the frequently asked questions on Tornado Cash-related matters. The answers focus on the details of the sanctions and not on the big questions.

We’ll take them, though. They’re entertaining and illuminating, just as the whole Tornado Cash situation is. 

The OFAC Clarifies Tornado Cash Sanctions

In yesterday’s update of the OFAC’s FAQ, Tornado Cash was the topic of choice. The US Government enabled a form to file licensing requests and announced that users can recover their funds :

“For transactions involving Tornado Cash that were initiated prior to its designation on August 8, 2022 but not completed by the date of designation, U.S. persons or persons conducting transactions within U.S. jurisdiction may request a specific license from OFAC to engage in transactions involving the subject virtual currency.  U.S. persons should be prepared to provide, at a minimum, all relevant information regarding these transactions with Tornado Cash, including the wallet addresses for the remitter and beneficiary, transaction hashes, the date and time of the transaction(s), as well as the amount(s) of virtual currency.”

So, there’s hope for frozen funds if the user is willing to go through a few hops and KYC-like procedures. It’s not perfect, but we’ll qualify the developments as good news. Another tidbit that seems like good news, the OFAC will not prioritize any procedures that have to do with dusting.

“OFAC is aware of reports following the designation of Tornado Cash that certain U.S. persons may have received unsolicited and nominal amounts of virtual currency or other virtual assets from Tornado Cash, a practice commonly referred to as “dusting.”  Technically, OFAC’s regulations would apply to these transactions.”

That’s all fine and dandy, however, dusting still casts a shadow over the whole operation. There’s no way of knowing if some accounts were dusted or if the owner took advantage of the situation to launder his or her Tornado Cash funds. Still, in some cases, the OFAC ignoring the dusting will save some wallets and accounts.

ETH price chart for 09/14/2022 on Gemini | Source: ETH/USD on TradingView.com

These Actions Aren’t Prohibited

Make no mistake, “U.S. persons are prohibited from engaging in transactions involving Tornado Cash, including through the virtual currency wallet addresses that OFAC has identified.” However, “interacting with open-source code itself, in a way that does not involve a prohibited transaction with Tornado Cash, is not prohibited.” This seems like a trivial matter, but it renders irrelevant some of the protests against the Tornado Cash sanctions:

“For example, U.S. persons would not be prohibited by U.S. sanctions regulations from copying the open-source code and making it available online for others to view, as well as discussing, teaching about, or including open-source code in written publications, such as textbooks, absent additional facts.  Similarly, U.S. persons would not be prohibited by U.S. sanctions regulations from visiting the Internet archives for the Tornado Cash historical website, nor would they be prohibited from visiting the Tornado Cash website if it again becomes active on the Internet.”

Is everything clear now? Not a chance. New questions about the sanctions keep emerging, the situation is more interesting than ever. And now, we know that all funds are not lost and that dusting will not be prosecuted. Why is the OFAC targeting a smart contract, though? The answer to that one isn’t clear yet. And neither is the reason for the lone developer’s arrest. 

Baby steps. 

Featured Image by larry from Pixabay | Charts by TradingView

In an unprecedented move, the U.S. Treasury Department levied sanctions on the crypto mixing company Tornado Cash earlier this month. The action is taken over allegations that the crypto mixer was used to launder virtual currency. The expected valuation of laundering digital assets is over $7 billion.

The action taken by the Treasury Department has faced colossal backlash, especially from the crypto industry.

It is believed that this action will not only impact just Tornado Cash but the whole crypto ecosystem. Some view it as an infringement of their privacy while doing online transactions. 

Future uncertain after Tornado cash ban

In the last few days, the crypto industry has witnessed more crackdowns by regulators. The manner in which cryptocurrencies operate does not match the desires of outdated governmental regulations. There are apprehensions that in the future, many other such decentralised platforms could meet the same fate. 

After the government has made any interaction with Tornado equivalent to a crime, it has become difficult for people to achieve transactional secrecy on the most-used blockchain, Ethereum. At the same time, those disobeying the government order will have to find a way to save themselves from any regulatory action. 

Immediately after the sanction, Circle, a USDC stablecoin issuer, banned 38 addresses that had links with Tornado in their transaction history. Media reports suggest that other platforms and companies have also enforced these bans. Given the current situation, it would not be wrong to presume that there will be more to join Circles to block addresses having connections with Tornado in the coming days.  

It is still unclear how things will play out in the future and when and in which areas there will be a consensus between financial regulators and the crypto world.

If this continues, the only solution can likely be creating a program that will satisfy the regulators and, at the same time, give the developers a sense of freedom in cryptocurrency.

About Tornado cash and the allegations

Tornado, which is one of the crucial components of the Ethereum “money stack,” is not only the sole method to anonymize transactions on the blockchain, but it is also possibly the most used one.

Tornado Cash serves as an open-source platform enabling individuals to protect the history of their transactions from public view. The U.S. government has alleged that it was involved in money laundering and diverted money to North Korean hackers. 

Some crypto investors have called the governmental action unconstitutional and against the right to privacy.  Many believe that instead of going after bad actors with foul motives, the government has targeted the protocol despite the governmental action. 

The game is not over for Tornado Cash

Tough Tornado has been labeled with a criminal designation; the game is not over for the crypto mixer. This is because the government cannot shut down the application. Neither can the regulators redeploy the firm to a new and non-sanctioned address, nor can they bar people from interacting with the code. 

CoinGape comprises an experienced team of native content writers and editors working round the clock to cover news globally and present news as a fact rather than an opinion. CoinGape writers and reporters contributed to this article.

The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.

The plot thickens. Did the supposed Tornado Cash developer arrested in The Netherlands have ties to a Russian security agency? Is a job in 2017 for a company with tenuous connections to Russia enough to justify the arrest? As Bitcoinist told you and reiterated, there had to be another reason that FIOD and the OFAC arrested a simple Tornado Cash coder. Is this one it? We don’t have official confirmation yet, but it might be.

Apparently, the alleged Tornado Cash developer was Aleksey Pertsev, CEO of PepperSec and resident of The Netherlands. The information about his supposed ties to Russian intelligence comes courtesy of Kharon. The company “provides data and analytic tools to optimize the core functions of financial crimes compliance programs, including KYC, screening, and investigations.”

How Are PepperSec And Tornado Cash Related?

Their report states that Tornado Cash “runs on software code developed by PepperSec, Inc.” What and where is that company exactly?

“PepperSec is a Delaware-registered corporation with its primary place of business in Seattle, Washington, according to a 2020 SEC filing. PepperSec’s website describes the company as a security consulting firm of white hat hackers.”

Currently, the website in question contains an “About Us” that says:

“We’re professional security engineers seasoned by many years of practical experience and deep understanding of technologies. We’re ready to battle to make your project as secure as possible.”

Fair enough, but…

How Is PepperSec Connected To Russia?

Apparently, Kharon reviewed “personal and company profiles” and determined that Aleksey is PepperSec’s CEO. So far, so good. Where’s the smoking gun, though? Back to Kharon’s report:

“In 2017, Pertsev was an information security specialist and developer of smart contracts for Digital Security OOO, according to an archived version of the company’s website reviewed by Kharon. Digital Security OOO is a Russian entity designated by the U.S. Treasury Department in 2018 for providing material and technological support to the FSB, Russia’s primary security agency. Treasury alleged that, as of 2015, Digital Security worked on a project that would increase the offensive cyber capabilities of Russia’s intelligence services.”

That’s tenuous, to say the least. And in no way related to Tornado Cash. However, a caveat is that the other two “PepperSec’s founders — U.S.-based Roman Storm and Russia-based Roman Semenov” haven’t been touched. So far. So, the case might be against Aleksey Pertsev alone.

ETH price chart for 08/26/2022 on FTX | Source: ETH/USD on TradingView.com

How Does All Of This Relate To Tornado Cash?

For this part, we’ll turn to quotes from notorious bitcoin enemy “Fortune.” The magazine interviewed Nick Grothaus, vice president of research at Kharon, who said: 

“You had this guy working for [Digital Security OOO] and doing pen testing himself, and then Treasury designated the company for helping the FSB’s hacking capabilities.”

Ok, we didn’t know about the “pen testing” part. However, how does this relate to Tornado Cash? To answer that question the magazine resorts to Alex Zerden, “an adjunct senior fellow at the Center for a New American Security,” who said:

“This opens up a lot of credibility issues for the developers of Tornado Cash. This is pretty profound information that informs why the U.S. government and Dutch authorities have taken certain actions.”

Does it, though? “There seems to be a more complex and complicated picture that takes more time to unravel,” Zerden added. And we agree. That’s why the EFF asked for clarity around the Tornado Cash situation. As Bitcoinist already said, “maybe the OFAC has a better case and the developer is guilty of something else. If that’s the case, with “clarifying information and reducing the ambiguity” the OFAC would have avoided this whole situation.”

Featured Image: Graphic tornado from this blog post  | Charts by TradingView

The US Treasury’s recent ban on notorious virtual currency mixer Tornado Cash has sparked a heated debate in the crypto sphere, with most crypto users- more so software developers- expressing their outrage against the move.

Earlier this month, the US treasury sanctioned the Ethereum-based protocol and placed Ethereum addresses linked to it on the OFAC SDN list. Whereas that caused some jitters in the developer community, it is the taking down of its Github repository and the subsequent arrest of a software developer suspected of helping build the protocol that caused an outburst.

Cardano’s founder Charles Hoskinson has been the latest high-ranking crypto community member to speak out against the issue, calling out the US treasury for trying to spook software developers and attack their freedom of expression through code. According to Hoskinson, it was outrageous for the US agency to fail to discern between writing code and running it.

“The understanding is that when we write code, its an expression as long as we don’t get involved in the running and use of the code…you’re not really telling people to go do this,…you’re just writing things down,” Hoskinson said in a recent “surprise AMA”  when asked bout his thoughts on the Tornado Cash ban. To him, it was wrong to assume that Tornado Cash developers directly controlled the protocol or benefited in any way from transactions conducted using it when they were not in control of the same.

The purported ban on an open source code that had no particular controlling entity was thus a direct assault on the ethos of a free society, particularly the freedom of expression. “The problem here is they went further back to an area that seems to be unconstitutional and said just by participating and writing that code and being involved in that somehow means there was an intent and an operation of that system”, Charles added.

According to him, a strict interpretation of that would mean that the US Treasury is asserting that software developers are accountable for how their software is used regardless of whether they can control that or not, “which is an extremely dangerous precedent.”

Charles Hoskinson, however, expressed confidence in future attempts by regulators and law enforcement agencies to limit the freedom of expression through code being foiled, with the court having ruled that code is free speech.