Mixin Hacker Suspected of Liquidating 59,854 ETH After Two Years of Dormancy

WhaleWatcher · 2026-03-12T05:09:35+00:00

A recent analysis by Lookonchain reveals that the hacker behind the $200 million Mixin theft is liquidating stolen assets, starting with 59,854 ETH. Utilizing Tornado Cash for obfuscation, this sophisticated money laundering raises security concerns and highlights risks in the crypto space.

WhaleWatcher

2026-03-12 05:09:35

Abstract generation in progress

According to Lookonchain’s latest chain analysis, the perpetrator behind the $200 million Mixin theft appears to be making their first major move in years. The hacker is currently liquidating their stolen assets, beginning with a substantial quantity of Ethereum. Blockchain monitoring data reveals that 59,854 ETH (valued at approximately $120.9 million at current rates of $2,020 per token) has entered the market, marking a significant shift in the attacker’s pattern of behavior.

Lookonchain Tracks the Suspicious Fund Movement

The chain analysis platform Lookonchain detected the initial activity roughly fifteen hours ago, when 2,005 ETH (approximately $4.05 million) was transferred to Tornado Cash, the cryptocurrency mixing protocol. This initial deposit signals the hacker’s strategy to obfuscate the origin of stolen funds before potential sale. Following this deposit, three newly created wallets subsequently received 2,087 ETH (worth around $4.21 million) routed from Tornado Cash and were immediately liquidated at historical market rates.

The Tornado Cash Layer: Obfuscating the Trail

The routing through Tornado Cash represents a deliberate attempt to break the on-chain transaction history and create plausible deniability. By using mixing services, the perpetrator aims to separate the stolen funds from their original theft wallets, complicating law enforcement and security researchers’ ability to trace the proceeds. This multi-step approach—theft to mixing pool to new wallets to market—reflects sophisticated money laundering techniques commonly employed by high-level bad actors in the crypto ecosystem.

Market Implications and Security Concerns

The sudden resumption of activity after two years raises important questions for the cryptocurrency community. The timing of this liquidation event may indicate several possibilities: the attacker could be seeking to exit their position before increased regulatory scrutiny, responding to favorable market conditions, or preparing to move the proceeds to traditional finance channels. For Ethereum and the broader market, the dumping of such a large volume could exert short-term downward pressure if executed rapidly. Security professionals and exchange operators remain vigilant, as identifying and blocking these stolen funds remains an ongoing challenge across centralized platforms.

The Mixin hacker case serves as another reminder of the persistent risks in crypto infrastructure and the evolving tactics employed by sophisticated perpetrators to move and obscure large quantities of illicit assets.

ETH1.11%

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.