Upbit Hack: $19M ETH Laundered via Tornado Cash. Shady Moves!

Key Highlights

  • Roughly 1,400-1,500 ETH linked to the Upbit hack has been sent to Tornado Cash.
  • The attacker-controlled wallet shows a “severe” AML risk score tied to theft-related activity.
  • The fund movements come weeks after Upbit shifted around 99% of assets to cold storage.

After bridging the assets onto Ethereum, with total holdings estimated near $19 million, the culprit appears to be attempting to sever traceability, making it rather tricky for investigators and exchanges to track or freeze the funds. Because nothing says “good afternoon” like a mystery wallet doing a disappearing act. 🕵️‍♀️

The attacker has started depositing the Upbit stolen funds into Tornado Cash.

So far, approximately 1,500 ETH has been deposited.
Stay smart. 😂

– Specter (@SpecterAnalyst) January 8, 2026

Funds move into Tornado Cash

Blockchain sleuths Specter and MistTrack flagged the activity after tracing wallet 0x93A0, which they attribute to the Upbit breach culprit.

MistTrack data shows the address has already transferred about 1,400 ETH into Tornado Cash, while Specter pegs the figure closer to 1,500 ETH. The wallet carries an AML risk score of 100, labeled “severe,” with direct tags for theft and malicious behavior. 🤨

Analysts say the use of Tornado Cash is a familiar step for attackers seeking to obscure fund origins after high-profile exchange breaches. The privacy mixer is the trendy accessory hackers reach for to launder illicit crypto funds into fresh, non-traceable wallets.

Exchange response and security context

The laundering activity follows Upbit’s earlier decision to overhaul its custody practices. In December, the exchange announced it would move more than 99% of customer assets into cold wallets after a Solana hot-wallet hack that cost roughly 44.5 billion KRW (about $31 million).

At the time, Upbit said it would cover user losses from its own reserves and tighten internal controls, going well beyond the regulatory requirement to keep at least 80% of assets offline.

Why it matters

The pace says it all. Once the exploit was done, the playbook flipped from theft to hiding, with $27M pushed into Tornado Cash in the blink of an eye rather than over months. Cold wallets may shrink the blast radius for the next attack, but analysts are blunt: once funds hit a mixer, the odds of recovery drop fast, and the trail usually goes cold long before anyone can slam on the brakes. 🚨

For regulators and exchanges alike, the incident serves up a familiar reminder: prevention may be improving, but when exploits succeed, the race to track and freeze funds is still measured in hours, not days.

2026-01-08 20:14