A hacker responsible for the $4.67 million heist of the decentralized finance lending platform Voltage Finance in 2022 has recently transferred some of the stolen Ether to Tornado Cash after a temporary pause.
Blockchain security firm CertiK stated in an X post on May. 6 that 100 Ether, currently worth $182,783, was transferred from an address initially linked to the exploit. Despite this, the hacker can still trace back the transaction.
The exploiter took advantage of a “built-in callback function” in the ERC677 token standard in Mar. 2022. The function allows them to drain the platform’s lending pool through a reentrancy attack, according to CertiK.
Voltage Finance flags hacker wallet after $4.67M exploit
Following the exploit, Voltage Finance reported that the hacker stole several stablecoins and other cryptocurrencies, including USDC, Binance USD (BUSD), wrapped Bitcoin, and Ethereum tokens.
Etherscan data reveals that the hacker’s address, used to transfer funds to Tornado Cash, had been inactive since November with no transactions recorded in the past 166 days.
Voltage Finance flagged the attacker’s address on Etherscan and asked exchanges to block any transactions. Additionally, attempts were made to approach the hacker and negotiate a reward for returning the stolen funds.
Voltage Finance staking pools targeted in March breach
The protocol shared in an X post that hackers hit Voltage Finance on Mar. 18, targeting its Simple Staking pools. In total, attackers stole $322,000.
In a postmortem on Mar. 20, Voltage Finance stated that it offered the attacker a $50,000 bounty to return the stolen funds and had possibly identified a developer involved in the Simple Staking pools who may have been linked to the attack.
While we haven’t confirmed if he is the hacker, as a precaution, we revoked his access immediately and filed police reports to collaborate with law enforcement and centralized exchanges.
Overall crypto losses in April surged by 1,163%, with the majority of the damage coming from a single theft of 3,520 Bitcoin, worth $330.7 million, from a senior US individual’s wallet. The hacker used advanced social engineering tactics to pull off the heist.
