Hacker Who Stole $282 million Last Week, Launders $63M Via Tornado Cash: CertiK
CertiK has just identified $63 million in stolen funds flowing through the Tornado Cash mixer following last week’s $282 million wallet compromise.
The attacker used “textbook” laundering tactics, bridging Bitcoin to Ethereum and splitting the funds into small chunks to avoid being caught.
This massive theft started with a social engineering attack in which the victim mistakenly shared their seed phrase with someone posing as support staff.
Last week on 10 January, a massive hack drained $282 million from a single crypto wallet.
Although the funds initially seemed lost forever, CertiK’s latest forensic data now shows where a portion of the money sits.
Their systems flagged a surge in laundering activity on Tornado Cash this week and directly tied it to the stolen assets.
Tracking the Tornado Cash Laundering Path
According to CertiK analysts, roughly $63 million has already moved through the privacy mixer. This amount is only a fraction of the total loss, but it shows that the theft was an organized effort, and the hacker(s) are attempting to erase the digital paper trail.
CertiK researchers mapped out where the money could be right now, and their findings show that the attacker started with Bitcoin but quickly moved to the Ethereum network.
On January 10, 2026 at around 11 pm UTC a victim lost $282M+ worth of LTC & BTC due to a hardware wallet social engineering scam.
The attacker began converting the stolen LTC & BTC to Monero via multiple instant exchanges causing the XMR price to sharply increase.
BTC was also…
— ZachXBT (@zachxbt) January 16, 2026
Data shows that 686 BTC moved across a cross-chain bridge, and this resulted in approximately 19,600 ETH arriving at a single address.
Once the funds reached Ethereum, the hacker started to launder them via Tornado Cash. CertiK also noted that the thief isn’t laundering the money all at once.
Instead, they split the Ether into multiple smaller wallets with each of them holding about 400 ETH.
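The split-then-deposit pattern described above is what tracing tools look for. The following is an added illustration, not CertiK's tooling or code from the article: a small tracer that follows outgoing transfers from a bridge destination wallet, flags fan-outs into near-equal chunks, and totals what has reached a mixer. All addresses, the mixer label, the 100 ETH deposit size and the thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from statistics import median

# Constructed sample data: placeholder addresses, not real on-chain records.
# Amounts mirror the article: ~19,600 ETH split into wallets of about 400 ETH.
MIXERS = {"0xMIXER_POOL"}  # assumed label list for mixer deposit contracts
TRANSFERS = [("0xBRIDGE", "0xSEED", 19600.0)]
TRANSFERS += [("0xSEED", f"0xSPLIT{i:02d}", 400.0) for i in range(49)]
# Three split wallets have each made four 100 ETH deposits so far.
TRANSFERS += [(f"0xSPLIT{i:02d}", "0xMIXER_POOL", 100.0)
              for i in range(3) for _ in range(4)]
TRANSFERS += [("0xUNRELATED", "0xMIXER_POOL", 100.0)]  # noise, must not be counted


def trace(seed, transfers, mixers, max_hops=3):
    """Walk outgoing transfers from seed (poison model: every output of a
    tainted wallet is tainted). Returns hop depth per wallet and the ETH
    each tainted wallet sent to a mixer."""
    out = defaultdict(list)
    for src, dst, amt in transfers:
        out[src].append((dst, amt))
    depth, mixed = {seed: 0}, defaultdict(float)
    queue = deque([seed])
    while queue:
        addr = queue.popleft()
        for dst, amt in out[addr]:
            if dst in mixers:
                mixed[addr] += amt  # trail ends here; do not follow into the pool
            elif dst not in depth and depth[addr] < max_hops:
                depth[dst] = depth[addr] + 1
                queue.append(dst)
    return depth, dict(mixed)


def find_fanouts(depth, transfers, mixers, min_outputs=10, tolerance=0.05):
    """Flag tainted wallets that split funds into many near-equal outputs."""
    sizes = defaultdict(list)
    for src, dst, amt in transfers:
        if src in depth and dst not in mixers:
            sizes[src].append(amt)
    flagged = {}
    for src, amts in sizes.items():
        mid = median(amts)
        if len(amts) >= min_outputs and max(amts) - min(amts) <= tolerance * mid:
            flagged[src] = (len(amts), mid)
    return flagged


if __name__ == "__main__":
    depth, mixed = trace("0xSEED", TRANSFERS, MIXERS)
    print(find_fanouts(depth, TRANSFERS, MIXERS), sum(mixed.values()))
```

The poison model over-counts when a tainted wallet also holds unrelated funds, so real investigations weight outputs by amount and time rather than tainting everything downstream.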
A Textbook Playbook
Experts have called these moves a “textbook” crypto theft because of their generic nature.
We have detected Tornado Cash deposits that trace to the alleged wallet compromise on Jan 10th that cost over $282M.
Part of the fund (~$63M) was bridged to 0xF73a4EbC3d0984F166AC215471Cc895cB4F5cc21 before further laundering.
Stay Vigilant!
— CertiK Alert (@CertiKAlert) January 19, 2026
The hacker used platforms like THORswap to jump between chains. Historically, hackers do this to hide the paper trail, and the decision to move the ETH in 400-coin chunks shows a deliberate attempt to launder the money.
Once assets enter a mixer like Tornado Cash, the visible link between the sender and receiver breaks, and security teams are warning that recovery chances will drop to near zero after this step.
The Human Error Behind the Hack
While the laundering seems carefully thought out, the original theft was much simpler in comparison.
The January 10 incident happened via a social engineering attack where the attacker pretended to be a wallet support staff member and used this to gain the victim’s trust.
The attacker convinced the user to reveal their seed phrase, and once the victim did, the hacker took full control of 1,459 BTC and over 2 million Litecoin.
Normally, traders who have been victims tend to hope that blockchain records will help them get their money back.
However, in this case, the funds are slowly moving through Tornado Cash, making recovery increasingly unlikely with every passing second.
By the time the funds leave the mixer, they appear as “clean” coins with no history.
Law enforcement agencies can sometimes flag addresses that interact with mixers. However, these protocols are decentralised, and the process can be very difficult.
The post Hacker Who Stole $282 million Last Week, Launders $63M Via Tornado Cash: CertiK appeared first on Live Bitcoin News.
Filed under: Bitcoin - @ January 19, 2026 6:22 pm