A hacker has embezzled $27million worth of Tether ($USDT) from a hot wallet that is linked to a Binance deployer. The loot happened over the weekend, as reported by blockchain analyst ZachXBT.
The stolen amount, in the form of $USDT, was sent to exchanges like FixedFloat and ChangeNow after being converted to Ether ($ETH). These funds were then bridged to Bitcoin ($BTC) via THORChain.
As per on-chain data, the wallet in question had received $ETH via two separate wallets from the Binance deployer in 2019. A deployer wallet is the one that creates smart contracts.
However, Binance has not commented on the same yet. The recent hack adds to the list of malicious activities that have used THORChain to conceal the funds acquired through the wrong ways.
THORChain is a cross-chain, decentralised liquidity protocol that enables direct swaps between different layer-1 tokens. Users can swap tokens between different blockchains without the fear of getting their transfers blocked.
Following a series of FTX hack-related trades, the protocol suspended its interface last month. In doing so, it cited “the potential movement of illicit funds through THORChain and, specifically, THORSwap”.
The Binance deployer loot comes after the recent Poloniex hack which led to a loss of around $114m. The exploited crypto exchange is owned by Tron founder Justin Sun.
Reports revealed wallets across multiple blockchains being targeted by the malicious actors. First, an Ethereum wallet, which was later tagged as ‘Poloniex hacker’, sent a total of $114m worth of tokens from Poloniex in 357 transactions. A similar activity was also noted from a wallet on the Tron blockchain, which sent around $42m to various wallets.
Wu Blockchain added to this saying: “Before being frozen, the hacker’s Tron chain address transferred large assets such as $21.73 million in USDT, $14.05 million in BTC, $3.65 million in USDD, and $1.78 million in USDC to other addresses, totaling more than US$42.83 million. Only $6.54 million is currently frozen.”
However, Poloniex has assured its users to fully reimburse the affected funds. According to its owner, the exchange could do so because it maintains a healthy financial position.