A stealthy hacker has siphoned over $25 million worth of ether through Tornado Cash only to turn around and spend the illicit funds on collectible Magic: The Gathering trading cards. The brazen scheme appears tailored to help the exploiter “wash” and cash out the stolen cryptocurrency while avoiding seizure.
Key points
- Individual withdrew 11,200+ ETH from Tornado Cash and spent the majority on Magic: The Gathering trading cards
- Person took out 110 batches of 100 ETH, split into 11 addresses, then wrapped, transferred, and unwrapped ETH before sending funds to MTG broker
- Buyer exhibited suspicious behaviors like overpaying 5-10% for cards, limited crypto knowledge, and transacting in person
- Funds may have originated from the $50M Uranium Finance exploit in April 2021, based on deposit patterns
- Method allows hacker to effectively ‘wash’ and cash out stolen crypto assets while avoiding asset freeze
According to on-chain sleuth ZachXBT (in a thread on X), the hacker in question withdrew 11,200+ ETH from Tornado Cash, a cryptocurrency mixing service that obscures transaction histories and which the Treasury Department has sanctioned. The perpetrator took out 110 batches of 100 ETH, distributing them into 11 separate addresses.
1/ Throughout this year I have been monitoring someone who has withdrawn 11,200+ ETH ($25M) from Tornado Cash and spent the majority of it on Magic The Gathering (MTG) trading cards.
Here’s my analysis of where the funds went and what the potential source of funds could be.
— ZachXBT (@zachxbt) December 7, 2023
Afterwards, the hacker put the ether through a wrapping, transferring, and unwrapping process using WETH, a step designed to further disassociate the tokens from their original source. The cleansed crypto was then swapped to USDC stablecoins and funneled to a Magic: The Gathering broker known to accept crypto payments.
This broker had no visibility into Tornado Cash but could facilitate large over-the-counter sales of high-value gaming collectibles to the perpetrator directly. And the hacker was overpaying substantially, allowing the broker to source cards like vintage 1993 sealed product the exploiter coveted.
The behavior set off alarm bells: paying millions in crypto upfront for physical collectibles, transacting in person, and relying on intermediaries all indicate a desire to extract value from hot virtual assets. Timing clues also link the 11k ETH withdrawn from Tornado Cash to funds deposited directly after the $50 million Uranium Finance exploit in April 2021.
Effectively, the hacker discovered that hacked funds could be converted and cashed out by funneling them through alternative assets like Magic cards. The perpetrator hides behind brokers to conceal their identity and launders cryptocurrency into tangible, valuable gaming collectibles well under authorities’ radar. They overpay to incentivize facilitation, giving up pure profit for freedom.
the most epic thing about this?
the washer has been buying vintage 1993 mostly sealed cards (that's the only thing valuable enough to spend $25m on)
this potentially taints the majority of the remaining supply of these cards
imagine these are injuncted from trade by gov… https://t.co/m3ft5gaiWR
— notsofast (@notsofast) December 7, 2023
By exploiting digital assets and then passing the proceeds through enough middlemen, the hacker hopes to eliminate the money trail leading back to the illegal crypto acquisition.
The cat-and-mouse game reveals the creative techniques cybercriminals employ to enjoy life with stolen cryptocurrency intact, even as watchdogs, blacklists, and blockchain analysis advance.