DAO Maker exploiter returns after 200 days, sends $600,000 to Tornado Cash

An Ethereum wallet linked to the DAO Maker exploit from 2021 has just come back to life.

An address associated with the platform's exploiter sent $600,000 worth of stablecoins through Tornado Cash, according to security firm PeckShield. 

The exploiter's wallet hadn't been active for over 200 days.

DAO Maker, a crowd fundraising platform that has no connection to MakerDAO, was initially exploited in August 2021. A bug in the decentralized autonomous organization's smart contract allowed the exploiter to take over $7 million of stablecoins. The funds were then spread out across several wallets.  

Another wallet associated with the exploiter moved $500,000 worth of DAI in September, again using Tornado Cash.  

The popular mixing service — used to obscure the details of transactions — was in the spotlight at the time, having been sanctioned by the U.S. Treasury Department's Office of Foreign Assets Control.  

The sanctions mean all U.S.-based individuals and entities are prohibited from interacting with the app, given its potential for money laundering. 

Crypto hacks

Hacks have soared in the intervening period since the DAO Maker exploit. 2022 was a landmark year with over $3 billion stolen via crypto hacking, a record. 

During 2022, security incidents involving cross-chain bridges and decentralized finance protocols stood out. During such exploits, hackers accessed and stole crypto assets without authorization by taking advantage of vulnerabilities in smart contracts — similar to the DAO Maker hack.