On January 17th, with cryptocurrency prices being widely routed by risk aversion, Crypto.com flagged a “security incident” that caused the operation to freeze withdrawals.
Days later, the Singapore-based exchange announced that hackers had stolen at least $15 million worth of Ethereum (ETH) tokens — and potentially as much as $33 million, according to independent estimates — but pledged to reimburse those affected. Crypto.com faulted some accounts for a lack of 2-factor authentication for the breach, but didn’t provide many other details.
However, information security specialists and amateur blockchain sleuths on Twitter were already tracing the hacked funds, with almost half pointing to a non-custodial Decentralized Finance (DeFi) mixing service called Tornado Cash. That’s where the trail goes cold.
Tornado Cash (TORN), itself a smart contract token, is one of a few legal
