An on-chain analyst, Specter, has reported that the Wasabi Protocol attacker has transferred all of the stolen funds, approximately $5.9 million, into Tornado Cash for centralized mixing operations. According to ChainCatcher, the attacker, suspected of links to North Korean (DPRK) hacker groups, has been using Tornado Cash to launder stolen funds from entities such as KelpDAO and LayerZero. The laundering process involves multiple complex stages.
The typical laundering path includes initial mixing through the Wasabi Mixer, followed by cross-chain transfers back to Ethereum for further mixing in Tornado Cash. The funds are then withdrawn to new wallets, dispersed across multiple addresses, and used to deploy tokens and manipulate liquidity. Subsequently, the assets are moved cross-chain to the Tron (USDT) system, briefly held, and then directed to OTC-associated wallets.
Security analysts have noted that this method has become a frequent template for laundering stolen funds, characterized by a combination of mixing, cross-chain transfers, tokenization, and OTC exits. Industry security experts warn that such attacks have evolved from simple theft to systematic, engineered money laundering paths, significantly increasing the difficulty of tracking these activities.