According to Lookonchain, an attacker transferred 7,400 ETH from Tornado Cash, using the funds as collateral on Aave to borrow approximately $9.92 million in stablecoins. This movement highlights ongoing security challenges in DeFi platforms and could impact trading sentiment around Ethereum (ETH).

According to @EmberCN, an address that received 7,400 ETH from Tornado Cash initiated a liquidation event involving CAKE and THE tokens. This caused a $2.15 million deficit for Venus Protocol, while the hacker extracted approximately $5.07 million worth of assets, including 2,172 BNB, 1.516 million CAKE, and 20 BTC.

According to @EmberCN, a hacker who stole 49.5 million USDC from Infini in February last year has demonstrated advanced trading skills. The hacker converted stolen USDC to ETH, sold ETH for DAI at an average price of $3,762 in August, and recently bought back ETH with DAI at $2,109 per ETH. The hacker then laundered 15,470 ETH, worth approximately $32.58 million, through Tornado Cash.

According to PeckShieldAlert, exploiter-labeled addresses tied to the Aperture Finance incident have deposited 1,242.7 ETH (around $2.4M) into Tornado Cash, and the project previously suffered an exploit on January 25, 2026 that impacted its V3/V4 contracts with an estimated loss of about $3.67M. According to PeckShieldAlert, these on-chain transfers indicate continued movement of stolen ETH through a mixer following the exploit, a key datapoint for traders tracking DeFi smart contract risk and potential contagion within Ethereum liquidity.

According to PeckShieldAlert, the Truebitprotocol exploiter deposited 8.5K ETH worth about $26.5 million into Tornado Cash, source: PeckShieldAlert on X Jan 11, 2026 https://x.com/PeckShieldAlert/status/2010191512513151049. According to PeckShieldAlert, the attacker routed the stolen 8.5K ETH to two addresses 0x2735...cE850a and 0xD12f...031a60 prior to mixing, source: PeckShieldAlert on X Jan 11, 2026 https://x.com/PeckShieldAlert/status/2010191512513151049. According to PeckShieldAlert, TRU collapsed by 100% following the exploit, source: PeckShieldAlert on X Jan 11, 2026 https://x.com/PeckShieldAlert/status/2010191512513151049. According to PeckShieldAlert, the same exploiter also attacked Sparkle about 12 days earlier, stealing 5 ETH and sending it into Tornado Cash, source: PeckShieldAlert on X Jan 11, 2026 https://x.com/PeckShieldAlert/status/2010191512513151049.

According to @lookonchain, the Truebit hacker deposited all 8,535 ETH (about $26.44M) into Tornado Cash and laundered the funds following the exploit, as reported in an X post on Jan 11, 2026, source: Lookonchain on X. Arkham Intelligence’s Truebit hacker entity traces these inflows to Tornado Cash pools, corroborating the laundering route, source: Arkham Intelligence intel.arkm.com explorer. The initial theft and 8,535 ETH transfer are recorded on Etherscan under transaction hash 0xcd4755645595094a8ab984d0db7e3b4aabde72a5c87c4f176a030629c47fb014, confirming the amount and movement, source: Etherscan transaction record. For trading context, illicit funds frequently pass through mixers before reaching exchanges, making subsequent Tornado Cash outflows a key on-chain signal for potential liquidity movements, source: Chainalysis Crypto Crime Report 2023.

According to @EmberCN, Truebitprotocol was exploited two days ago for 8,535 ETH, valued around $26.36M, source: @EmberCN and Arkham Intelligence. Four hours before the post, the attacker mixed the entire 8,535 ETH through Tornado Cash, source: @EmberCN and Arkham Intelligence. Truebitprotocol confirmed a security incident and warned users not to interact with contract 0x764C64b2A09b09Acb100B80d8c505Aa6a0302EF2 while engaging law enforcement, source: Truebitprotocol on X. For trading, monitor post-mixing outflows to exchanges and tagged addresses to track ETH flow using Arkham Intelligence and official updates, source: Arkham Intelligence and Truebitprotocol on X.

According to @MistTrack_io, the Upbit hack address 0x93A0649e62C7E3AE8F7Eec14F6674aa6b554f904 has transferred 1,400 ETH to Tornado Cash, with live tracking available at light.misttrack.io/address/ETH/0x93A0649e62C7E3AE8F7Eec14F6674aa6b554f904 (source: @MistTrack_io). According to @MistTrack_io, this address is linked to an estimated $36M loss from the Upbit incident and is under continuous monitoring as of Jan 8, 2026 (source: @MistTrack_io). Based on @MistTrack_io’s alert, traders can monitor subsequent on-chain transfers from this address to inform execution timing and liquidity risk management around ETH flows (source: @MistTrack_io).

According to @PeckShieldAlert, the multisig drainer who stole $27.3M from a compromised wallet withdrew 1,000 ETH ($3.24M) from Aave and laundered it via Tornado Cash, bringing total deposits to Tornado Cash to 6,300 ETH ($19.4M). According to @PeckShieldAlert, the drainer controls the compromised multisig and holds a $9.75M leveraged long position, backed by $20.5M in ETH collateral against $10.7M in DAI debt.

According to @PeckShieldAlert, address 0xB8b4...3714 is actively laundering funds via Tornado Cash, with 2,479.1 ETH (about $7.9M) processed so far, source: PeckShieldAlert on X, Jan 6, 2026. The funds originated from multiple TRON wallets and were bridged to Ethereum before entering Tornado Cash, source: PeckShieldAlert on X, Jan 6, 2026. These movements appear to link the assets to a pig-butchering crypto investment scam, source: PeckShieldAlert on X, Jan 6, 2026. Traders tracking ETH on-chain flows may note concentrated mixer activity around the specified address and Tornado Cash, source: PeckShieldAlert on X, Jan 6, 2026.

According to @PeckShieldAlert, Unleash Protocol on Story Protocol suffered an unauthorized drain with an estimated ~$3.9 million loss, after which the exploiter bridged the proceeds to Ethereum and deposited 1,337.1 ETH into Tornado Cash (source: @PeckShieldAlert). According to the official incident notice from Unleash Protocol, an externally owned address obtained administrative control via Unleash’s multisig governance and executed an unauthorized contract upgrade that enabled unapproved asset withdrawals; impacted assets identified so far include WIP, USDC, WETH, stIP, and vIP, and all Unleash operations have been paused while the investigation proceeds (source: Unleash Protocol official incident notice on X). Unleash also stated there is no evidence that Story Protocol contracts, validators, or underlying infrastructure were compromised, and the impact appears limited to Unleash-specific contracts and administrative controls (source: Unleash Protocol official incident notice on X). For trading risk management, Unleash advised users to refrain from interacting with Unleash Protocol contracts until further notice and noted they are evaluating remediation and recovery measures, with on-chain data preservation and coordination underway (source: Unleash Protocol official incident notice on X). The on-chain route of 1,337.1 ETH to Tornado Cash indicates obfuscation of flows tied to the exploit, as flagged in real time (source: @PeckShieldAlert).

According to @PeckShieldAlert, wallets 0x1209...e9C and 0xaac6...508 were compromised via a private key leak, resulting in approximately 2.3M USDT in losses (source: @PeckShieldAlert). The attacker swapped the stolen USDT for 757.6 ETH and laundered the funds through Tornado Cash, reducing on-chain traceability and flagging related addresses for risk monitoring by traders (source: @PeckShieldAlert). The alert does not mention any USDT issuer freeze or recovery actions at the time of the report (source: @PeckShieldAlert). Traders should avoid interacting with the flagged addresses and note that mixer routing may complicate compliance screening and analytics across ETH pairs (source: @PeckShieldAlert).

According to @EmberCN, a whale or institution that lost 50 million USDT in a phishing attack sent an on-chain message to the attacker offering a $1 million white-hat bounty if the 50 million USDT is returned; source: https://twitter.com/EmberCN/status/2002584298398917090 and message link: https://t.co/xJwnVJTN6W. According to @EmberCN, the attacker had not responded as of the time of the post; source: https://twitter.com/EmberCN/status/2002584298398917090. According to @EmberCN, the stolen USDT was converted to ETH and moved through Tornado Cash, indicating low recovery odds; source: https://twitter.com/EmberCN/status/2002584298398917090.

According to the source, a new report claims North Korea–linked hackers have stolen around $2 billion in crypto this year, spotlighting elevated exploit risk for DeFi protocols and cross-chain bridges. According to Chainalysis, DPRK-affiliated groups stole about $1.7 billion in 2022 and over $1.0 billion in 2023, with the majority sourced from DeFi protocol and cross-chain bridge exploits, indicating where smart-contract risk is concentrated for market participants. According to the U.S. Treasury’s Office of Foreign Assets Control, Tornado Cash was sanctioned in August 2022 and Sinbad was sanctioned in November 2023 for laundering DPRK proceeds, increasing enforcement and compliance risk around mixer-linked flows that can affect altcoin liquidity when tainted funds move. According to FBI, CISA, and the U.S. Treasury, the Lazarus Group uses social engineering and supply-chain compromises to breach crypto firms, underscoring persistent operational risk for centralized venues and DeFi traders. According to Chainalysis, on-chain monitoring of inflows from DPRK-labeled wallets to exchanges and mixers can flag potential cash-out activity after breaches, which traders can track as a proxy for near-term sell pressure in affected assets.

According to @PeckShieldAlert, a whale’s multisig wallet was drained of approximately $27.3 million following a private key compromise (source: @PeckShieldAlert, Dec 18, 2025). According to @PeckShieldAlert, the drainer has laundered $12.6 million, equal to 4,100 ETH, via Tornado Cash (source: @PeckShieldAlert, Dec 18, 2025). According to @PeckShieldAlert, the drainer still holds around $2 million in liquid assets (source: @PeckShieldAlert, Dec 18, 2025). According to @PeckShieldAlert, the drainer also controls the victim’s multisig, which maintains a leveraged long position (source: @PeckShieldAlert, Dec 18, 2025).

According to @PeckShieldAlert, an exploiter-labeled address deposited 2,295.8 ETH valued around USD 7.3 million into Tornado Cash. source: PeckShieldAlert on X, Dec 5, 2025. According to @PeckShieldAlert, Bunni suffered an exploit on September 2 with losses of about USD 8.4 million, and the team announced a shutdown in October. source: PeckShieldAlert on X, Dec 5, 2025. According to @PeckShieldAlert, the new deposit size is roughly 87 percent of the reported exploit value by USD terms, underscoring notable mixer inflows linked to the incident. source: PeckShieldAlert on X, Dec 5, 2025. According to the source, Tornado Cash is sanctioned by the U.S. Treasury, so related flows face heightened compliance screening and taint risk across centralized venues, which traders should account for when managing counterparty exposure. source: U.S. Treasury OFAC press release, Aug 8, 2022. According to the source, mixers are commonly used to obfuscate stolen crypto before distribution to off-ramps and peer-to-peer brokers, making it prudent for traders to monitor subsequent hops and potential spillover into ETH pairs liquidity. source: Chainalysis 2023 Crypto Crime Report.

According to @MistTrack_io, the Yearn Finance exploit generated roughly 9 million dollars, with the initial seed funds traced to ETH routed via Railgun, source: @MistTrack_io on X 2025-12-05; https://etherscan.io/tx/0x68f88d2ffcef1ceafde26fc290cf1d31ff9a461b4ee2aeb68da8aa9cf70e600c. After the attack execution, the exploiter sent 1,100 ETH to Tornado Cash and later withdrew 100 ETH to continue operations, source: @MistTrack_io on X 2025-12-05; https://etherscan.io/tx/0x53fe7ef190c34d810c50fb66f0fc65a1ceedc10309cf4b4013d64042a0331156. Approximately 6 million dollars in remaining profit comprising 128 ETH, 48.96 cbETH, 203.55 rETH, 742.63 frxETH, 857.48 pxETH, and 167.67 stETH was consolidated into address 0xa80d3f2022f6bfd0b260bf16d72cad025440c822, source: @MistTrack_io on X 2025-12-05; https://etherscan.io/address/0xa80d3f2022f6bfd0b260bf16d72cad025440c822. To prepare batch operations, the exploiter executed a 7702 delegatecall to 0x1A1Efc..., source: @MistTrack_io on X 2025-12-05; https://etherscan.io/tx/0x91054b9f0bf8e94ef2ebf27141872662776636b68ab3122eeb0afec421ba71bb. The attacker then swapped cbETH, rETH, frxETH, and stETH into 1,184.9 WETH in a single transaction; a subsequent attempt to convert WETH to ETH and batch-deposit into Tornado Cash failed, source: @MistTrack_io on X 2025-12-05; https://etherscan.io/tx/0x9bdf92698cbd53adc42568cf205748da96d348f576be18d21e7c5180571ee825; https://etherscan.io/tx/0x18582f9cf70349f0f86105a79f2bab20cb2a5305f17911ee23a092fc9ea86785. Yearn recovered about 2.4 million dollars by burning the exploiter’s 857.48 pxETH and re-minting it to the Redacted Cartel multisig, source: @MistTrack_io on X 2025-12-05; https://etherscan.io/tx/0x0e83bb95bb9d05fb81213b2fad11c01ea671796752e8770b09935f7052691c35. As of the latest update, the exploiter-controlled address still holds 1,184.9 WETH and 128 ETH, making on-chain flows traceable for monitoring, source: @MistTrack_io on X 2025-12-05; https://etherscan.io/address/0xa80d3f2022f6bfd0b260bf16d72cad025440c822.

According to @PeckShieldAlert, a Goldfinch user wallet (deltatiger.eth) was attacked with an estimated loss of about $330,000, and the attacker deposited 118 ETH of the stolen funds into Tornado Cash, source: @PeckShieldAlert on X, Dec 2, 2025. According to @PeckShieldAlert, users are urged to revoke approvals for the specified contract immediately, source: @PeckShieldAlert on X, Dec 2, 2025.

According to @PeckShieldAlert, Goldfinch Finance user deltatiger.eth was attacked, resulting in an estimated ~$330K loss. Source: @PeckShieldAlert. The attacker has deposited 118 ETH of the stolen funds into Tornado Cash. Source: @PeckShieldAlert. The alert urges users to immediately revoke approvals for contract 0x0689aa2234d06ac0d04cdac874331d287afa4b43. Source: @PeckShieldAlert. For trading risk management, treat the flagged contract and related approvals as active exposure until revoked and monitor ETH flows tied to the incident. Source: @PeckShieldAlert. No additional technical details or broader protocol impact were provided in the alert at the time of posting. Source: @PeckShieldAlert.

According to @PeckShieldAlert, Yearn Finance suffered an approximately $9 million exploit where an attacker minted a near-infinite amount of yETH and drained the pool in a single transaction, and about 1,000 ETH (around $3 million) was sent to Tornado Cash (source: @PeckShieldAlert on X, Dec 1, 2025). For trading, monitor YFI spot and perpetual markets, yETH-linked liquidity, and on-chain flows related to the 1,000 ETH mixer outflow flagged in the report for signs of liquidity stress or volatility (source: @PeckShieldAlert on X, Dec 1, 2025). Consider tightening risk on DeFi exposure and setting alerts for additional transfers from the exploiter wallet given the confirmed pool depletion and Tornado Cash routing described in the alert (source: @PeckShieldAlert on X, Dec 1, 2025).