Quick Breakdown
- $63M in Tornado Cash deposits has been linked to the January 10 $282M wallet exploit.
- 686 BTC was bridged to Ethereum, converted to ETH, and split before entering mixers.
- Experts say fund recovery is nearly impossible once assets pass through Tornado Cash.
Roughly $63 million in crypto routed through Tornado Cash has now been linked to the $282 million wallet compromise that occurred on January 10, according to blockchain security firm CertiK.
We have detected Tornado Cash deposits that trace to the alleged wallet compromise on Jan 10th that cost over $282M.
Part of the fund (~$63M) was bridged to 0xF73a4EbC3d0984F166AC215471Cc895cB4F5cc21 before further laundering.
Stay Vigilant! pic.twitter.com/byzRmjoeZR
— CertiK Alert (@CertiKAlert) January 19, 2026
In a post shared Monday on X, CertiK said its on-chain monitoring systems detected Tornado Cash activity connected to the exploit, offering fresh insight into how the attacker laundered funds after the initial theft. The incident has drawn widespread attention from crypto investigators due to both the scale of losses and the speed at which assets were moved across chains.
CertiK traces cross-chain laundering route
CertiK’s analysis shows that a portion of the stolen Bitcoin was first bridged to Ethereum, converted into Ether, and then dispersed across several wallets to reduce traceability.
At least 686 BTC was swapped cross-chain, resulting in approximately 19,600 ETH landing in a single Ethereum address. From there, the ETH was split into smaller amounts and distributed across multiple wallets. Each wallet forwarded several hundred ETH before the funds ultimately entered Tornado Cash, a privacy-focused mixing protocol.
While the $63 million represents only part of the total stolen funds, CertiK noted that the movement highlights a deliberate attempt to obscure transaction trails following the exploit.
Experts say mixer use slashes recovery chances
Blockchain security experts say the laundering pattern closely follows a well-known playbook. Marwan Hachem, CEO of blockchain security firm FearsOff, described the activity as “textbook” for large-scale cross-chain thefts involving Bitcoin and Litecoin.
Investigators previously linked the January 10 breach to a social engineering attack, in which the attacker impersonated wallet support staff and tricked the victim into revealing their seed phrase.
Blockchain investigator ZachXBT said the compromised wallet contained about 1,459 BTC and more than 2 million Litecoin. Some of the stolen assets were also swapped into privacy-focused cryptocurrencies.
Security firm ZeroShadow earlier reported that roughly $700,000 was flagged and frozen early in the laundering process, though most of the funds have since moved beyond recovery. Additionally on January 2, a live cross-chain exploit drained funds from hundreds of crypto wallets across multiple EVM-compatible blockchains, with total losses now exceeding $107,000 and still rising.
If you would like to read more articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
