The attacker behind the October 2021 Indexed Finance hack has started transferring a portion of the stolen funds through the Tornado Cash mixer, according to experts at Cyvers Alerts. It is estimated that the hacker still controls approximately $5 million in digital assets across various addresses.
🚨ALERT🚨@ndxfi has faced a security breach on Oct 2021!
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) October 22, 2024
The attacker has started funneling over $4.5M through @TornadoCash since yesterday at https://t.co/XxF1IhsbfP
Attacker still hold more than $5M digital assets at different addresses!
Want to secure your assets and prevent… https://t.co/YFs6ba83FB pic.twitter.com/vEtmw8T3tj
Details of the Indexed Finance Attack
The attack on Indexed Finance occurred on October 15, 2021, when the hacker exploited a vulnerability in the liquidity pool rebalancing mechanism. The exploit targeted two index tokens, DEFI5 and CC10. Using flash loans, the attacker managed to withdraw substantial amounts from the platform.
The Indexed Finance team later claimed to have identified the hacker responsible for stealing $16 million. However, despite this identification, the stolen funds remain under the hacker’s control, with the attacker gradually distributing them via Tornado Cash to obscure their origins.
Broader Context of DeFi Hacks
This is not the first major attack on DeFi platforms in 2024. For instance, the Binance Labs-backed lending protocol Radiant Capital was hacked earlier this year for over $50 million. In that case, the attacker gained access to three out of 11 private keys, enabling them to alter the project’s smart contracts and siphon off significant funds.
Cryptol – your source for the latest news on cryptocurrencies, information technology, and decentralized solutions. Stay informed about the latest trends in the digital world.