Key Highlights
- A Goldfinch user lost $330K as hackers funneled Ethereum through Tornado Cash, showing growing security risks for DeFi participants.
- The hacker used multiple transactions and minimal gas fees to obscure $340K in stolen USDC, highlighting sophisticated DeFi attack methods.
- DeFi protocols like Goldfinch and Yearn face rising threats, emphasizing the need for strong wallet security and careful contract approval monitoring.
A user of the decentralized finance (DeFi) lending protocol Goldfinch has lost $330,000 after hackers compromised his Ethereum wallet and transferred the proceeds to the cryptocurrency mixer Tornado Cash.
According to blockchain security firm PeckShieldAlert, the affected individual is deltatiger.eth, who lost 330,999 USDC.
Tornado Cash, a privacy-focused mixer often used to obscure on-chain activity, was used by the attacker to hide the movement of the stolen assets. PeckShieldAlert’s data shows that the hack occurred at around 08:13:23 UTC, with the funds being funneled into Tornado Cash through multiple transactions. The incident has at least 40 transaction confirmations linked to the exploit.
Deltatiger.eth sent a total of 340,567 USDC, worth about $340,486.63. One of the transfers added a single USDC to the account via Uniswap V3, and another address received 9,567 USDC.
The entire transaction cost a minimal gas fee of 0.0000227 ETH, equivalent to $0.06, executed at 0.0289 Gwei. There was also a minor execution error in the contracts, but it did not prevent the essential transfers from going through.
How the hack unfolded
Blockchain data shows that subsequent interactions were, for the most part, with Tornado Cash’s router, with most of the deposits ranging from 1 ETH to 10 ETH. This may indicate that an automated process was used to obscure the trail. Prior wallet activity included one contract creation and a simple transfer, but recent activity had focused on moving funds into Tornado Cash.
Beyond the Goldfinch incident, the security challenges for DeFi protocols remain grave. Just yesterday, the yETH pool of Yearn Finance suffered a $9 million breach. Hackers exploited the pool by minting almost unlimited yETH tokens in a single transaction, routing roughly 1,000 ETH through Tornado Cash.
Yearn confirmed on X, “We are investigating an incident involving the yETH LST stableswap pool. Yearn Vaults (both V2 and V3) are not affected.” So far, early recovery efforts have retrieved $2.4 million of the stolen funds, showing that quick and coordinated actions can help limit losses.
Goldfinch announced plans earlier to scale up on Base, a layer-2 blockchain developed by Coinbase. The expansion was designed to decrease the transaction fee and attract new users. Governance members reached consensus on the proposal, with the expectation of a soft vote and a code audit before official activation.
Implications for DeFi users
This incident underlines the increasing risk for participants in the DeFi space and the importance of securing wallets properly. Hackers often use Tornado Cash to hide where stolen crypto goes, making it hard to trace.
Regular users and investors should check which contracts can access their wallets. PeckShieldAlert advised revoking permission for the affected contract at 0x06..4b43 right away to prevent further losses.
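One way to carry out the approval check described above, as an added example that is not from PeckShieldAlert or Goldfinch: it replays ERC-20 Approval event logs for a wallet and lists the spenders that still hold a non-zero approval, flagging unlimited ones. The addresses, the sample logs and the names outstanding_allowances, report and UNLIMITED_THRESHOLD are constructed for illustration, and the logs are assumed to have been exported already with integer block numbers.

```python
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
UNLIMITED_THRESHOLD = 2**255  # heuristic (assumption): treat huge values as unlimited

def topic_to_address(topic):
    """Indexed address topics are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, owner):
    """Return {(token, spender): last approved value} for non-revoked approvals."""
    owner, state = owner.lower(), {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval has the same signature hash but 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner:
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        value = int(log["data"], 16)
        if value == 0:
            state.pop(key, None)   # approve(spender, 0) is a revocation
        else:
            state[key] = value     # a later approval overwrites the earlier one
    return state

def report(state):
    """Flatten to sorted rows, flagging approvals that are effectively unlimited."""
    return [{"token": t, "spender": s, "allowance": v,
             "unlimited": v >= UNLIMITED_THRESHOLD}
            for (t, s), v in sorted(state.items())]

# Constructed sample data: placeholder addresses, block numbers already ints.
OWNER, TOKEN = "0x" + "aa" * 20, "0x" + "11" * 20
SPENDER_A, SPENDER_B = "0x" + "bb" * 20, "0x" + "cc" * 20
def make_log(block, index, spender, value):
    pad = lambda addr: "0x" + "0" * 24 + addr[2:]
    return {"address": TOKEN, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad(OWNER), pad(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [make_log(105, 1, SPENDER_B, 0),            # revokes SPENDER_B
               make_log(100, 0, SPENDER_A, MAX_UINT256),  # unlimited, never revoked
               make_log(101, 2, SPENDER_B, 500_000_000)]

if __name__ == "__main__":
    for row in report(outstanding_allowances(SAMPLE_LOGS, OWNER)):
        print(row)
```

The replayed value is the last amount approved, not what remains after spending; the token contract's allowance(owner, spender) call is the authoritative figure before deciding what to revoke.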
