Key Findings
- •Approximately $63 million in cryptocurrency routed through Tornado Cash has been linked to the $282 million wallet compromise that occurred on January 10.
- •Blockchain security firm CertiK's analysis indicates that at least 686 BTC was bridged to Ethereum, converted to ETH, and then split across multiple wallets before entering mixers.
- •Experts suggest that once assets pass through privacy-focused mixers like Tornado Cash, recovery becomes nearly impossible.
Cross-Chain Laundering Route Identified by CertiK
Roughly $63 million in crypto routed through Tornado Cash has now been linked to the $282 million wallet compromise that occurred on January 10, according to blockchain security firm CertiK. In a post shared on X, CertiK stated that its on-chain monitoring systems detected Tornado Cash activity connected to the exploit, offering fresh insight into how the attacker laundered funds after the initial theft. The incident has drawn widespread attention from crypto investigators due to both the scale of losses and the speed at which assets were moved across chains.
We have detected Tornado Cash deposits that trace to the alleged wallet compromise on Jan 10th that cost over $282M.
Part of the fund (~$63M) was bridged to 0xF73a4EbC3d0984F166AC215471Cc895cB4F5cc21 before further laundering.
Stay Vigilant! pic.twitter.com/byzRmjoeZR
— CertiK Alert (@CertiKAlert) January 19, 2026
CertiK’s analysis shows that a portion of the stolen Bitcoin was first bridged to Ethereum, converted into Ether, and then dispersed across several wallets to reduce traceability. At least 686 BTC was swapped cross-chain, resulting in approximately 19,600 ETH landing in a single Ethereum address. From there, the ETH was split into smaller amounts and distributed across multiple wallets. Each wallet forwarded several hundred ETH before the funds ultimately entered Tornado Cash, a privacy-focused mixing protocol. While the $63 million represents only part of the total stolen funds, CertiK noted that the movement highlights a deliberate attempt to obscure transaction trails following the exploit.
Expert Analysis on Recovery Chances
Blockchain security experts state that the laundering pattern closely follows a well-known playbook. Marwan Hachem, CEO of blockchain security firm FearsOff, described the activity as “textbook” for large-scale cross-chain thefts involving Bitcoin and Litecoin. Investigators previously linked the January 10 breach to a social engineering attack, in which the attacker impersonated wallet support staff and tricked the victim into revealing their seed phrase. Blockchain investigator ZachXBT reported that the compromised wallet contained about 1,459 BTC and more than 2 million Litecoin. Some of the stolen assets were also swapped into privacy-focused cryptocurrencies.
Security firm ZeroShadow earlier reported that roughly $700,000 was flagged and frozen early in the laundering process, though most of the funds have since moved beyond recovery. Additionally, on January 2, a live cross-chain exploit drained funds from hundreds of crypto wallets across multiple EVM-compatible blockchains, with total losses now exceeding $107,000 and still rising.