Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    2 Years of the ₹2,000 Cr WazirX Hack: The Money Never Came Back. Neither Did the Founder
    2 Years of the ₹2,000 Cr WazirX Hack: The Money Never Came Back. Neither Did the Founder
    The Robinhood Chain Paradox Built for Tokenized Stocks, Dominated by Memecoins
    The Robinhood Chain Paradox: Built for Tokenized Stocks, Dominated by Memecoins
    Senators to Brief Trump on CLARITY Act Path - Here's What to Expect
    Senators to Brief Trump on CLARITY Act Path – Here’s What to Expect
    CLARITY Act 5 Fights Still Unresolved Before the Merged Draft Drops
    CLARITY Act: 5 Fights Still Unresolved Before the Merged Draft Drops
    Strategy's Cash Reserve Shift Reveals Weaknesses in Leveraged Bitcoin Balance Sheet_
    Strategy’s Cash Reserve Shift Reveals Weaknesses in Leveraged Bitcoin Balance Sheet
  • Opinion
    OpinionShow More
    The Execution Gap: Why the Next Breakthrough in Financial AI is Human Behavior
    The Execution Gap: Why the Next Breakthrough in Financial AI is Human Behavior
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
Ethereum News

Upbit Hacker Launders Stolen ETH via Tornado Cash

On-chain analysts say the attacker behind Upbit’s recent breach has begun moving stolen Ethereum through Tornado Cash, attempting to obscure the fund trail.

Written By Thales Rodrigues
Fact Checked by Jahnu Jagtap
Published 2026-01-08·Updated 6 months ago
Make The Crypto Times preferred on GoogleGoogle
Share
Upbit Hacker Launders Stolen ETH via Tornado Cash

Key Highlights

  • Roughly 1,400–1,500 ETH linked to the Upbit hack has been sent to Tornado Cash.
  • The attacker-controlled wallet shows a “severe” AML risk score tied to theft-related activity.
  • The fund movements come weeks after Upbit shifted around 99% of assets to cold storage.

An attacker behind the recent breach at Upbit, South Korea’s largest cryptocurrency exchange, began laundering stolen funds on January 8, routing roughly 1,500 Ethereum (ETH) through Tornado Cash. It is an Ethereum-based privacy mixer that obscures transaction trails, according to on-chain analysts.

After previously bridging the assets onto Ethereum, with total holdings estimated near $19 million, the attacker appears to be attempting to sever traceability, complicating efforts by investigators and exchanges to track or freeze the funds.

The attacker has started depositing the Upbit stolen funds into Tornado Cash.

So far, approximately 1,500 ETH has been deposited.
Stay smart. https://t.co/uwvIwyOnu6 pic.twitter.com/hE7RI46Iyo

— Specter (@SpecterAnalyst) January 8, 2026

Funds move into Tornado Cash

Blockchain intelligence firms Specter and MistTrack flagged the activity after tracking wallet 0x93A0, which they attribute to the attacker behind the Upbit exploit.

MistTrack data shows the address has already transferred about 1,400 ETH into Tornado Cash, while Specter estimates the figure closer to 1,500 ETH. The wallet carries an AML risk score of 100, labeled “severe,” with direct tags for theft and malicious behavior.

Analysts say the use of Tornado Cash is a common step for attackers seeking to obscure fund origins after high-profile exchange breaches. The privacy mixer is used by many hackers to launder illicit crypto funds to fresh, non-traceable wallets.

Exchange response and security context

The laundering activity follows Upbit’s earlier decision to overhaul its custody practices. In December, the exchange announced it would move more than 99% of customer assets into cold wallets after suffering a Solana hot-wallet hack that cost roughly 44.5 billion KRW (about $31 million).

At the time, Upbit said it would cover user losses from its own reserves and tighten internal controls, exceeding South Korea’s regulatory requirement to keep at least 80% of assets offline.

Why it matters

The speed says it all. Once the exploit was done, the playbook flipped instantly from stealing to hiding, with $27M pushed into Tornado Cash in a matter of days, not months. Cold wallets may shrink the blast radius for the next attack, but analysts are blunt about the reality: once funds hit a mixer, the odds of recovery drop fast, and the trail usually goes cold long before anyone can pull the brakes.

For regulators and exchanges alike, the incident reinforces a familiar lesson: prevention may be improving, but when exploits succeed, the race to track and freeze funds is still measured in hours, not days.

Also read: Crypto Hacker Makes $1 Million Trading Bitcoin

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News

TAGGED:Crypto ExchangeCrypto HackTornado Cash
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

BONK Price Crashes 31%, Market Cap Drops Below $250 Million
BONK Price Crashes 31%, Market Cap Drops Below $250 Million
110 Reasons Michael Saylor's Case Against Bitcoin's BIP 110
110 Reasons: Michael Saylor’s Case Against Bitcoin’s BIP 110
Drake Bets $1.5M in USDT on Argentina to Win World Cup Final 
Drake Bets $1.5M in USDT on Argentina to Win World Cup Final 
Uniswap Eyes to Expand Protocol Fees to Robinhood Chain, Voting Begins
Uniswap Eyes to Expand Protocol Fees to Robinhood Chain, Voting Begins
Ondo (ONDO) Drops Nearly 10% as Market Cap Slides to $1.65B
Ondo (ONDO) Drops Nearly 10% as Market Cap Slides to $1.65B

Find Us on Socials

You may also like

FTX Creditors Set for $900M Windfall in Fifth Repayment

FTX Creditors Set for $900M Windfall in Fifth Repayment

Across Protocol Reports First Attack on Solana After $34B in Bridge Volume

Across Protocol Reports First Attack on Solana After $34B in Bridge Volume

Argentine Judge Orders 25 $LIBRA Wallets Frozen, Exchanges to Unmask Holders

Argentine Judge Orders 25 $LIBRA Wallets Frozen, Exchanges to Unmask Holders

Solana Protocol DeFiTuna Hit by $580K Exploit, USDC Pool Left Short

Solana Protocol DeFiTuna Hit by $580K Exploit, USDC Pool Left Short

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information