After more than five months of inactivity, the hacker behind the 2022 Voltage Finance exploit has resurfaced—this time, moving a portion of the stolen Ether through Tornado Cash, a privacy-focused mixer.
On May 6, blockchain security firm CertiK flagged the movement of 100 Ether, worth approximately $182,783 at the time, from a wallet tied to the initial exploit. Though the transaction came from a different address, on-chain analysis confirmed the funds are traceable to the same attacker who drained Voltage Finance over two years ago.
The March 2022 breach exploited a vulnerability in the ERC-677 token standard—specifically, a built-in callback function that enabled a reentrancy attack. This allowed the hacker to siphon millions from the DeFi lending platform’s pool, escaping with a haul that included stablecoins like USDC and BUSD, along with wrapped Bitcoin and Ethereum tokens.
According to Etherscan, the wallet that facilitated the recent Ether movement had remained dormant since November, with its last activity recorded 166 days ago.
Following the 2022 incident, Voltage Finance publicly flagged the exploiter’s address and reached out to centralized exchanges to freeze related transactions. The team also attempted to negotiate a bounty for the return of funds, though those efforts were unsuccessful.
Voltage has since faced more turmoil. On March 18, 2025, the platform fell victim to another exploit—this time targeting its Simple Staking pools. Around $322,000 was stolen. In a postmortem shared two days later, the protocol revealed it offered a $50,000 bounty and suspected that a former developer with access to the staking pools may have been involved. His access was immediately revoked, and police reports were filed.
This latest development comes amid a surge in crypto-related losses. According to CertiK report, April alone saw a staggering 1,163% jump in stolen funds, primarily driven by a $330 million theft from a U.S. victim’s wallet, orchestrated through advanced social engineering. Without that incident, losses for the month still climbed to $34 million—up 21% from March.
However, not all the news was grim. The hacker behind the $7.5 million KiloEx exploit returned the full amount just four days after the attack. Similarly, ZKsync Association recovered $5 million worth of tokens following a breach of its airdrop distribution contract on April 15.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
