Analyst: Wasabi protocol attacker has transferred all stolen funds to Tornado Cash
According to on-chain analyst Specter, the attacker of the Wasabi protocol has transferred all stolen funds into Tornado Cash, completing a centralized mixing operation of approximately $5.9 million in assets.
On-chain analysis shows that this attacker and a suspected North Korea-linked (DPRK) hacking group have recently continued to use Tornado Cash to launder stolen funds, including those from KelpDAO and LayerZero, with the funds following a complex, multi-stage flow.
A typical money laundering path runs as follows: funds first enter the Wasabi Mixer for initial mixing and withdrawal, then flow cross-chain back to Ethereum, re-enter Tornado Cash for deep mixing, are withdrawn to a new wallet, and are dispersed to multiple addresses. New tokens are deployed in the new wallets, liquidity is steered to buy and then extract the liquidity assets, and the funds then move cross-chain to the Tron (USDT) system, where they stay briefly before flowing to OTC-related wallets. On-chain security analysis indicates that this model has recently become a frequently used template for laundering attack proceeds, with a combined structure of "mixing + cross-chain + tokenization + OTC exit."
Industry security practitioners note that such attacks have shifted from simple theft to systematically engineered money laundering paths, significantly increasing the difficulty of tracking.








