News
14 Feb 2026, 13:30
Blockchain Lender Figure Suffers Devastating Data Breach After Insider-Enabled Hack

In a stark reminder of persistent cybersecurity threats, blockchain-based lending platform Figure confirmed a significant data breach this week, exposing sensitive customer information after hackers infiltrated its systems. The incident, reportedly involving the notorious ShinyHunters group and an insider, resulted in 2.5 GB of personal data being leaked on the dark web following a failed ransom negotiation. This breach highlights critical vulnerabilities at the intersection of traditional finance and decentralized technology, raising urgent questions about data protection protocols in the rapidly evolving digital asset sector.

Figure Data Breach Timeline and Attack Vector

Figure’s security incident unfolded through a multi-stage attack that cybersecurity analysts describe as sophisticated. Initially, threat actors gained unauthorized access to internal systems. Reports from cybersecurity monitoring firms indicate the breach involved credential compromise. The hacking group ShinyHunters, known for targeting financial technology companies, subsequently claimed responsibility for the attack.

Investigators discovered evidence suggesting insider assistance facilitated the initial penetration. Consequently, the attackers exfiltrated approximately 2.5 gigabytes of customer data. Figure’s security team detected anomalous network activity during routine monitoring. The company then initiated its incident response protocol immediately. Forensic analysis confirmed the scope of compromised information included:

- Full names of registered users
- Physical addresses associated with accounts
- Dates of birth for identity verification
- Phone numbers used for authentication

Following the data theft, ShinyHunters reportedly demanded a substantial ransom payment in cryptocurrency. Figure’s leadership refused to negotiate with the threat actors.
The hacking group then published the stolen dataset on multiple dark web forums. This escalation transformed a contained security incident into a public data exposure crisis.

ShinyHunters Hacking Group and Ransomware Tactics

The ShinyHunters collective has established itself as a persistent threat to financial technology platforms. Active since 2020, the group typically targets companies handling valuable personal or financial data. Their operational methodology often combines technical exploitation with social engineering techniques. Security researchers have documented their previous attacks against educational institutions, e-commerce platforms, and technology firms.

In the Figure breach, ShinyHunters employed what appears to be a double-extortion strategy. First, they stole sensitive customer information. Then, they threatened public release unless Figure paid a ransom. This approach maximizes pressure on victim organizations. Companies face not only regulatory penalties for data exposure but also reputational damage from public disclosure.

Recent Major Fintech Data Breaches (2023-2025)

| Company | Year | Attack Method | Data Exposed |
|---|---|---|---|
| Figure | 2025 | Insider-assisted hack | 2.5 GB PII |
| BlockFi | 2023 | Third-party vendor compromise | Client contact info |
| Celsius Network | 2024 | Phishing campaign | Partial user database |
| CoinLoan | 2023 | API vulnerability | Encrypted user data |

Cybersecurity experts note that blockchain companies present unique attack surfaces. While distributed ledger technology provides transaction immutability, supporting infrastructure remains vulnerable. Customer databases, web servers, and employee access systems represent potential entry points. The Figure breach demonstrates that blockchain-based applications inherit traditional cybersecurity risks alongside novel technological challenges.

Insider Threat Implications for Financial Technology

The alleged insider involvement in Figure’s breach warrants particular attention from security professionals.
Insider threats represent one of the most difficult attack vectors to detect and prevent. Malicious insiders possess legitimate access credentials and understand internal security protocols. They can bypass perimeter defenses that might stop external attackers.

Financial technology companies like Figure manage particularly sensitive data. They must balance operational efficiency with stringent access controls. The principle of least privilege becomes essential in this environment. Employees should only access data necessary for their specific job functions. Additionally, robust monitoring systems must track unusual data access patterns.

Blockchain lending platforms face additional complexities. They often integrate traditional banking compliance requirements with cryptocurrency innovations. This hybrid operational model creates overlapping security jurisdictions. Consequently, comprehensive security frameworks must address both conventional and novel threat vectors. Regular security audits, employee training, and incident response drills become non-negotiable components of operational resilience.

Regulatory and Compliance Consequences

Data breaches trigger significant regulatory obligations for financial services providers. Figure operates within multiple jurisdictional frameworks governing data protection. The company must comply with state-level regulations like the California Consumer Privacy Act. Additionally, financial regulators oversee aspects of their lending operations. Breach notification laws typically require disclosure within specific timeframes.

Figure acknowledged the security incident promptly. The company stated it notified affected individuals according to legal requirements. However, the dark web publication of stolen data complicates remediation efforts. Exposed individuals now face elevated risks of identity theft and phishing attacks. Therefore, Figure likely will provide credit monitoring services to impacted customers.
The blockchain lending sector operates under increasing regulatory scrutiny. Recent guidance from financial authorities emphasizes cybersecurity preparedness. Companies must demonstrate robust incident response capabilities. They should implement encryption for sensitive data both in transit and at rest. Furthermore, regular penetration testing and vulnerability assessments have become industry standards. The Figure breach may accelerate regulatory examinations of cybersecurity practices across the digital asset lending industry.

Customer Impact and Response Measures

Individuals affected by the Figure data breach should take immediate protective actions. Exposed personal information enables various forms of fraud. Cybercriminals may attempt account takeover attacks using stolen credentials. They might also conduct targeted phishing campaigns referencing the breach. Therefore, vigilance becomes essential for potentially impacted customers. Security experts recommend several response measures for breach victims:

- Monitor financial accounts for unauthorized activity
- Enable two-factor authentication on all financial accounts
- Review credit reports for suspicious inquiries or accounts
- Consider credit freezes with major bureaus to prevent new account fraud
- Use unique passwords for each online account

Figure has established a dedicated response channel for affected customers. The company likely will provide specific guidance based on individual exposure levels. However, customers should independently verify any communications claiming association with Figure’s response. Attackers often exploit breach notifications to launch secondary phishing campaigns.

Blockchain Security Paradox and Industry Implications

The Figure breach reveals a fundamental security paradox in blockchain finance. Distributed ledger technology provides unprecedented transaction transparency and integrity.
Yet, the applications built atop blockchain infrastructure remain susceptible to conventional attacks. This disconnect between protocol security and application vulnerability requires urgent industry attention.

Blockchain lending platforms like Figure promise decentralized financial services. They aim to eliminate traditional intermediaries through smart contracts. However, customer onboarding, identity verification, and data storage often involve centralized components. These centralized elements become attractive targets for attackers. Therefore, the industry must develop more resilient architectural approaches.

Several emerging technologies offer potential solutions. Zero-knowledge proofs could enable identity verification without exposing raw personal data. Decentralized identity systems might allow users to control their personal information. Homomorphic encryption could permit data processing without decryption. However, widespread implementation of these technologies remains years away. Meanwhile, companies must strengthen conventional cybersecurity measures while pursuing innovative approaches.

Conclusion

The Figure data breach represents a significant cybersecurity event with implications beyond a single company. This incident demonstrates that blockchain-based financial services face persistent threats from determined adversaries. The involvement of ShinyHunters highlights the professionalization of cybercrime targeting fintech platforms. Furthermore, the alleged insider component underscores the importance of comprehensive security frameworks addressing both external and internal threats.

As the digital asset industry matures, security must become a foundational priority rather than a secondary consideration. The Figure data breach should catalyze industry-wide security enhancements. Companies must implement defense-in-depth strategies combining technological controls with human factors management.
Regulatory bodies will likely increase scrutiny of cybersecurity practices across the sector. Ultimately, building trust through demonstrable security resilience will determine which blockchain financial platforms succeed in the coming years.

FAQs

Q1: What specific data was exposed in the Figure breach?
The compromised information includes customer names, physical addresses, dates of birth, and phone numbers. The 2.5 GB dataset contained personally identifiable information but reportedly did not include financial account details or Social Security numbers according to initial assessments.

Q2: How did ShinyHunters gain access to Figure’s systems?
Cybersecurity investigators believe the breach involved insider assistance combined with external hacking techniques. The exact method remains under investigation, but evidence suggests credential compromise facilitated initial access before data exfiltration occurred.

Q3: What should affected Figure customers do immediately?
Impacted individuals should monitor their financial accounts for unusual activity, enable two-factor authentication where available, review credit reports for suspicious inquiries, and consider placing credit freezes with major bureaus to prevent identity theft.

Q4: How does this breach affect Figure’s blockchain lending operations?
The company continues operating its lending platform while investigating the breach. However, the incident may trigger regulatory examinations and could impact customer trust. Figure has implemented additional security measures and enhanced monitoring following the attack.

Q5: Are other blockchain lending platforms at similar risk?
All financial technology companies face cybersecurity threats, but specific risk profiles vary. The Figure breach highlights vulnerabilities in centralized data storage components common across many blockchain applications. The industry is likely to increase security investments following this incident.

This post Blockchain Lender Figure Suffers Devastating Data Breach After Insider-Enabled Hack first appeared on BitcoinWorld.
14 Feb 2026, 12:45
Disney hits ByteDance with cease-and-desist order over Seedance 2.0 AI tool

ByteDance, the parent company of video streaming platform TikTok, was hit with a cease-and-desist letter from Disney over its new Seedance 2.0 generative AI tool. In the details of the order, Disney claimed that the Chinese company infringed on its creative property to train the new model.

In the letter, which was first reviewed by Axios, Disney accused ByteDance of manipulating its copyrighted Disney characters as if they were available for use in the public domain. The letter further claims that Seedance 2.0 includes a “pirated library” full of Disney assets, listing some of its biggest franchises from Star Wars to Marvel superhero movies. The generative artificial intelligence model was released this week by ByteDance and has triggered a wave of criticism from all corners.

Why did Disney serve ByteDance with a cease-and-desist order?

In its letter, Disney claimed that ByteDance is choosing to hijack Disney’s characters despite several well-publicized objections on the company’s part. According to Disney’s attorney, David Singer of Jenner & Block LLC, ByteDance is reproducing, distributing, and creating derivative works featuring those characters. “ByteDance’s virtual smash-and-grab of Disney’s IP is willful, pervasive, and totally unacceptable,” he added.

The letter also mentioned that Disney believes that this violation is just the beginning, considering the fact that Seedance has only been available for a few days. In addition to Disney properties, the tool has also been used to generate videos using “The Lord of the Rings” assets and the likenesses of A-list Hollywood stars such as Will Smith, Brad Pitt, and Tom Cruise.

The same stance was echoed in the statements released by SAG-AFTRA and the MPA, with both bodies speaking against Seedance 2.0 since it dropped. “SAG-AFTRA stands with the studios in condemning the blatant infringement enabled by ByteDance’s new A.I. video model Seedance 2.0,” a spokesperson for the actors’ union said in a statement. The spokesperson mentioned that the infringement includes the unauthorized use of members’ voices and likenesses, highlighting that it is a practice that is unacceptable and blocks real human talents from making a living with their abilities. “Seedance 2.0 disregards law, ethics, industry standards, and basic principles of consent,” the spokesperson added.

Disney opens the door to artificial intelligence

The Motion Picture Association slammed Seedance 2.0 on Thursday in response to an AI-generated fight scene between Brad Pitt and Tom Cruise. The association accused the company of disregarding copyright laws and called on it to desist from any infringement activities. “In a single day, the Chinese AI service Seedance 2.0 has engaged in unauthorized use of U.S. copyrighted works on a massive scale,” Charles Rivkin, chairman and CEO of the MPA, said in their statement. “By launching a service that operates without meaningful safeguards against infringement, ByteDance is disregarding well-established copyright law that protects the rights of creators and underpins millions of American jobs. ByteDance should immediately cease its infringing activity,” Rivkin added.

ByteDance is not the first AI firm to receive a cease-and-desist order from Disney. In December 2025, Disney sent a letter to Google, accusing the company of copyright infringement on a massive scale. Disney argued that Google is using its dominance in generative AI to commercially exploit and distribute infringing images and videos featuring Disney-owned characters. This came at a time when the company also sent the same letters to Meta and Character.AI. Disney also previously announced that it had joined NBCUniversal and Warner Bros. Discovery in litigation against Midjourney and MiniMax.

At the same time, Disney has embraced AI, taking a $1 billion stake in OpenAI.
In addition, the company has also announced plans to license its characters to OpenAI’s Sora video platform, with the company noting that the characters will be available for ChatGPT’s image generation tools. Sora-generated videos will also stream on Disney+, and OpenAI will also help power new features across its service.
13 Feb 2026, 17:50
$3.85 Million in Ethereum From Mixin Network Hack Sent to Tornado Cash

Wallets linked to the $200 million exploit of Mixin in 2023 woke after nearly two years and moved funds to coin mixer Tornado Cash.
13 Feb 2026, 15:36
Bitcoin developers submit BIP-360 to add quantum resistance to protocol roadmap

In the quest to prepare the Bitcoin ecosystem to handle future quantum computing threats, Bitcoin developers have officially submitted BIP-360 into the Bitcoin Improvement Proposal repository. This milestone will place quantum resistance properly on Bitcoin’s technical roadmap for the first time ever.

The proposal, which was co-authored by Hunter Beast (senior protocol engineer at MARA), cryptographic researcher Ethan Heilman, and technical communications specialist Foxen Duke, introduces a new output type known as Pay-to-Merkle-Root (P2MR). This output type is designed to function similarly to Bitcoin’s Taproot addresses while eliminating the quantum-vulnerable spending method that makes current addresses susceptible to attack if sufficiently advanced quantum computers emerge.

Pay-to-Merkle-Root removes Taproot’s vulnerability

P2MR operates with a very similar functionality to Pay-to-Taproot (P2TR) outputs (Bitcoin’s most advanced address format, introduced in 2021). However, there is one major difference: P2MR removes the “key-path spend” option that allows users to spend directly with a signature against a public key. According to the BIP-360 specification, this key-path mechanism creates the primary quantum vulnerability in Taproot because it exposes a tweaked public key on-chain, potentially allowing sufficiently powerful quantum computers running Shor’s algorithm to obtain the corresponding private key.

On the other hand, P2MR commits exclusively to the Merkle root of a Tapscript tree without including an internal public key. When users are spending from a P2MR output, they must reveal a script path (provide a leaf script from the Merkle tree along with the proof showing its inclusion). Experts explained that because hashing algorithms are generally considered more quantum-secure than elliptic curve signatures, this method offers a lot more quantum resistance.

This new technical structure preserves Bitcoin’s smart contract flexibility.
Users will still be able to create complex spending conditions through Tapscript (the scripting language that enables features like multi-signature wallets, time-locked transactions, and conditional payments). However, forcing all spends through the script path and eliminating direct public key exposure allows P2MR to drastically reduce the attack surface for quantum computers.

Other analysts also found that Taproot addresses (beginning with “bc1p”), Pay-to-Public-Key (P2PK) outputs, and reused addresses are some of Bitcoin’s vulnerable address types, because their public keys would be visible in scenarios like the ones mentioned in this report. P2MR addresses, which would begin with “bc1z” under current proposals, will offer protection against this exposure, but they might incur slightly higher transaction fees due to the additional witness data required for script path spends.

How far away is the quantum threat to Bitcoin?

The urgency behind BIP-360 originates from accelerating quantum computing development across multiple fronts. Industry roadmaps led by the likes of IBM, Google, Microsoft, Amazon and Intel suggest that quantum computers may be able to break the Elliptic Curve Digital Signature Algorithm (ECDSA) cryptography that secures Bitcoin’s public-private key pairs “in as little as 5 years” according to analysis by the BIP-360 team.

Recent breakthroughs have intensified these concerns as well. Google’s launch of its “Willow” quantum chip in December 2025 and Microsoft’s progress on Majorana 1 chip development brought quantum computing’s potential threat to Bitcoin further into the light. While experts debate the exact timeline for when “Cryptographically Relevant Quantum Computers” (CRQCs) will emerge, the pace of development has convinced protocol engineers that preparation cannot wait for certainty.

Government agencies have already started preparing the transition.
The US federal government issued a directive to phase out ECDSA cryptography entirely by 2035. The timeline reflects the government’s recognition that migrating critical infrastructure takes years (or even decades). The National Security Agency’s CNSA 2.0 framework also calls for quantum-safe systems by 2030, while the National Institute of Standards and Technology includes ML-DSA (Dilithium) and SLH-DSA (SPHINCS+) as approved algorithms for federal use.

“While the amount of time we have to prepare for a quantum event is uncertain, it seems reasonable to ensure that Bitcoin is prepared for a range of possible outcomes,” the BIP-360 team said. “Additionally, we must consider the total time needed for an effective transition—at the BIP level, the software level, the infrastructure level, and the user-transition level. A smooth and effective QR transition plan for Bitcoin could take several years to execute—with more prep time inevitably leading to better security outcomes for all.”
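
As an added illustration of the script-path commitment described in the BIP-360 article above (not code from the BIP or its authors): the sketch below builds a Merkle root over leaf scripts and checks a leaf's inclusion proof, assuming P2MR reuses BIP-341's TapLeaf/TapBranch tagged hashes. The sample scripts, placeholder keys and function names are constructed for the example.

```python
import hashlib
import hmac

LEAF_VERSION_TAPSCRIPT = 0xC0  # tapscript leaf version from BIP-342
MAX_PROOF_DEPTH = 128          # BIP-341 limit on Merkle path length


def tagged_hash(tag: str, data: bytes) -> bytes:
    """BIP-340 style tagged hash: SHA256(SHA256(tag) || SHA256(tag) || data)."""
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + data).digest()


def compact_size(n: int) -> bytes:
    """Bitcoin variable-length integer encoding used for the script length."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")


def leaf_hash(script: bytes, version: int = LEAF_VERSION_TAPSCRIPT) -> bytes:
    """Hash of one leaf script, bound to its leaf version and length."""
    return tagged_hash("TapLeaf", bytes([version]) + compact_size(len(script)) + script)


def branch_hash(a: bytes, b: bytes) -> bytes:
    """Parent of two nodes; children are sorted so the proof needs no left/right bits."""
    lo, hi = sorted((a, b))
    return tagged_hash("TapBranch", lo + hi)


def build_tree(scripts):
    """Return (merkle_root, proofs); proofs[i] lists sibling hashes from leaf i up to the root."""
    if not scripts:
        raise ValueError("at least one leaf script is required")
    level = [(leaf_hash(s), [i]) for i, s in enumerate(scripts)]
    proofs = [[] for _ in scripts]
    while len(level) > 1:
        nxt = []
        for j in range(0, len(level) - 1, 2):
            (ha, ia), (hb, ib) = level[j], level[j + 1]
            for i in ia:
                proofs[i].append(hb)
            for i in ib:
                proofs[i].append(ha)
            nxt.append((branch_hash(ha, hb), ia + ib))
        if len(level) % 2:
            nxt.append(level[-1])  # odd node moves up unchanged (unbalanced tree)
        level = nxt
    return level[0][0], proofs


def verify_script_path(root: bytes, script: bytes, proof,
                       version: int = LEAF_VERSION_TAPSCRIPT) -> bool:
    """Recompute the root from a revealed leaf and its proof; reject malformed proofs."""
    if len(proof) > MAX_PROOF_DEPTH or any(len(h) != 32 for h in proof):
        return False
    node = leaf_hash(script, version)
    for sibling in proof:
        node = branch_hash(node, sibling)
    return hmac.compare_digest(node, root)


# Constructed sample leaves. The 32-byte "keys" are placeholders, not real keys.
KEY_A, KEY_B, KEY_C = (bytes([n]) * 32 for n in (0x11, 0x22, 0x33))
SAMPLE_SCRIPTS = [
    b"\x20" + KEY_A + b"\xac",                  # <KEY_A> OP_CHECKSIG
    b"\x5a\xb2\x75\x20" + KEY_B + b"\xac",      # 10 OP_CSV OP_DROP <KEY_B> OP_CHECKSIG
    b"\x20" + KEY_C + b"\xac",                  # <KEY_C> OP_CHECKSIG
]

if __name__ == "__main__":
    root, proofs = build_tree(SAMPLE_SCRIPTS)
    print("committed root:", root.hex())
    for script, proof in zip(SAMPLE_SCRIPTS, proofs):
        print(len(proof), "sibling hashes ->", verify_script_path(root, script, proof))
```

A spend reveals only the chosen leaf and its sibling hashes; the remaining leaves stay behind hashes, and the output itself carries no public key.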
13 Feb 2026, 13:30
Binance France CEO Home Invasion: Shocking Armed Break-In Highlights Crypto Executive Security Crisis

PARIS, France – In a startling security breach that has sent shockwaves through the cryptocurrency industry, armed assailants forcibly entered the private residence of the Binance France CEO this week. Fortunately, the executive was not present during the Binance France CEO home invasion, but the incident raises urgent questions about the physical security of high-profile crypto leaders globally. The perpetrators fled with only two mobile phones before authorities apprehended them at a nearby train station, according to initial reports from French media outlet Unfolded.

Binance France CEO Home Invasion: Timeline and Immediate Aftermath

The incident occurred during daylight hours in a residential Paris neighborhood. According to preliminary police reports, multiple individuals gained unauthorized entry to the executive’s home using force. They conducted a rapid search of the premises before departing with personal electronic devices. Meanwhile, French law enforcement agencies received alerts about suspicious activity in the area. Consequently, officers quickly identified and intercepted the suspects at the Gare du Nord train station. Police subsequently took all individuals into custody for questioning and investigation.

This Binance France CEO home invasion follows a concerning pattern of targeted crimes against cryptocurrency executives worldwide. In recent years, several high-profile figures in the digital asset space have reported security incidents. For instance, industry leaders have faced kidnapping attempts, sophisticated phishing schemes, and physical surveillance. The French National Police’s Cybercrime Unit has now taken primary responsibility for the investigation. They are examining potential motives ranging from attempted data theft to intimidation tactics against the cryptocurrency exchange.

Cryptocurrency Executive Security: An Escalating Global Concern

The security of cryptocurrency executives has become increasingly critical as digital assets gain mainstream adoption. High-net-worth individuals in this sector often face unique vulnerabilities. Unlike traditional finance executives, crypto leaders manage decentralized technologies that can attract attention from various threat actors. Furthermore, the public nature of blockchain transactions sometimes makes wealth more visible than in conventional banking systems.

Security experts identify several specific risks facing crypto executives:

- Physical Security Gaps: Many executives maintain public profiles while underestimating personal protection needs
- Digital-Physical Convergence: Mobile devices often contain both personal data and potential access to professional systems
- Geographic Targeting: Criminals may target executives in jurisdictions perceived as having lighter security protocols
- Industry Reputation: The crypto sector’s association with innovation sometimes overshadows traditional security considerations

Comparative analysis reveals significant variation in security approaches across major cryptocurrency exchanges:

Cryptocurrency Exchange Executive Security Protocols (2024)

| Exchange | Executive Protection | Incident Response | Public Disclosure |
|---|---|---|---|
| Binance Global | Varied by region | 24/7 security teams | Case-by-case basis |
| Coinbase | Comprehensive executive protection | Immediate law enforcement coordination | Regulatory compliance focused |
| Kraken | Decentralized security approach | Transparent communication | Often public about incidents |
| FTX (pre-collapse) | Minimal executive protection | Ad hoc response | Limited disclosure |

Expert Analysis: Security in the Digital Asset Era

Dr. Isabelle Renault, cybersecurity professor at Sciences Po Paris and former Interpol consultant, provides crucial context. “This Binance France CEO home invasion represents more than an isolated crime,” she explains.
“It reflects systemic vulnerabilities in how we protect leaders of disruptive financial technologies. These executives manage platforms securing billions in digital assets while often maintaining surprisingly accessible personal lives.”

Renault continues with specific recommendations. “Effective protection requires integrated physical-digital security protocols. For example, mobile device management becomes critical when devices contain both personal communications and potential professional access points. Furthermore, residential security must evolve beyond traditional alarm systems to address targeted intrusion attempts.”

French Regulatory Context and Crypto Industry Implications

France has positioned itself as a welcoming jurisdiction for cryptocurrency businesses through its Digital Asset Service Provider (DASP) registration system. The Binance France entity obtained this registration in 2022, allowing it to operate legally within the country. This regulatory framework includes specific compliance requirements but does not mandate executive protection standards beyond general corporate governance.

The incident occurs during a period of increased regulatory scrutiny for cryptocurrency exchanges globally. European authorities are implementing the Markets in Crypto-Assets (MiCA) regulation, which establishes comprehensive rules for crypto service providers. However, MiCA primarily addresses financial stability and consumer protection rather than executive security protocols. Consequently, individual companies must develop their own physical security measures for leadership teams.

Industry observers note several potential impacts from this security breach:

- Increased Security Budgets: Cryptocurrency exchanges may allocate more resources to executive protection
- Talent Retention Concerns: High-profile executives might reconsider roles without adequate security provisions
- Regulatory Attention: Authorities could examine whether security incidents affect operational resilience requirements
- Competitive Differentiation: Exchanges with superior security protocols may gain recruitment advantages

Historical Context: Previous Security Incidents in Cryptocurrency

The Binance France CEO home invasion follows several notable security incidents affecting cryptocurrency industry figures. In 2022, a Coinbase executive faced a sophisticated phishing campaign attempting to compromise corporate systems. Meanwhile, in 2021, the founder of a decentralized finance platform survived a kidnapping attempt in South America. These incidents collectively demonstrate escalating threats against cryptocurrency leadership.

Law enforcement agencies worldwide have developed specialized capabilities for crypto-related crimes. Europol’s European Cybercrime Centre (EC3) established a cryptocurrency tracking team in 2016. Additionally, the U.S. Department of Justice formed a National Cryptocurrency Enforcement Team in 2021. These specialized units increasingly collaborate across borders to investigate crimes targeting cryptocurrency executives and infrastructure.

Technological Solutions and Security Best Practices

Security professionals recommend specific measures for cryptocurrency executives following incidents like the Binance France CEO home invasion. Multi-factor authentication remains essential for all digital accounts. Physical security should include comprehensive residential assessments by professional firms. Moreover, operational security protocols must separate personal and professional digital footprints.
Regular security awareness training helps executives recognize surveillance and targeting behaviors.

Advanced technological solutions are gaining adoption. Hardware security modules provide tamper-resistant key storage for digital assets. Decentralized identity solutions allow authentication without centralized vulnerability points. Additionally, privacy-enhancing technologies can obscure transaction patterns that might reveal executive wealth or movements. These technical measures complement traditional executive protection approaches.

Conclusion

The Binance France CEO home invasion represents a critical moment for security consciousness in the cryptocurrency industry. While the swift arrest of suspects demonstrates effective law enforcement response, the incident highlights persistent vulnerabilities. As digital asset platforms continue evolving toward mainstream finance integration, executive protection must advance accordingly. The industry faces dual challenges: maintaining the innovative, accessible ethos that drives cryptocurrency adoption while implementing robust security for those building this financial future. This incident will likely accelerate security investments and protocol developments across major cryptocurrency exchanges globally.

FAQs

Q1: What exactly happened during the Binance France CEO home invasion?
Armed individuals broke into the executive’s Paris residence while no one was home. They stole two mobile phones before fleeing. Police subsequently arrested the suspects at a train station.

Q2: Has Binance France commented on the security incident?
As of publication, Binance France has not released an official statement. The company typically follows law enforcement guidance regarding ongoing investigations before public commentary.

Q3: How common are security incidents targeting cryptocurrency executives?
While comprehensive statistics are limited, several high-profile incidents have occurred in recent years.
These include phishing attempts, surveillance operations, and occasional physical threats against crypto industry leaders globally.

Q4: What security measures do cryptocurrency exchanges typically implement for executives?
Approaches vary significantly by company and jurisdiction. Common measures include residential security assessments, executive protection details during travel, cybersecurity training, and specialized digital asset protection protocols for personal holdings.

Q5: Could this incident affect Binance’s operations in France?
Unless investigations reveal broader security or compliance failures, the incident alone is unlikely to affect regulatory status. However, it may prompt internal security reviews and potentially influence how French authorities view executive protection standards for registered crypto firms.

This post Binance France CEO Home Invasion: Shocking Armed Break-In Highlights Crypto Executive Security Crisis first appeared on BitcoinWorld.
13 Feb 2026, 13:20
Mixin Hacker’s Shocking Return: $4 Million ETH Sell-Off After Two-Year Silence

In a startling development for blockchain security, the perpetrator behind the massive 2022 Mixin Network exploit has broken a nearly two-year silence. The Mixin hacker has initiated a significant sell-off of stolen Ethereum, moving over $4 million through the privacy protocol Tornado Cash. This action marks a critical new chapter in one of cryptocurrency’s most substantial unsolved security breaches, raising urgent questions about fund recovery and market stability.

Mixin Hacker Resurfaces with Major ETH Transactions

Blockchain intelligence firm Lookonchain first detected the renewed activity, citing data from analytics platform Arkham. The movement began approximately 15 hours before reporting, according to the timestamped transaction data. Initially, the hacker transferred 2,005 ETH, valued at approximately $3.85 million, directly into Tornado Cash. This crypto mixing service obscures transaction trails by pooling and redistributing funds.

Subsequently, a slightly larger amount of 2,087 ETH ($4.03 million) emerged from Tornado Cash. These funds flowed into three freshly created cryptocurrency wallets. The entities behind these wallets then sold the entire Ethereum haul. They executed the sales at an average price point of $1,933 per ETH. This precise timing and method suggest a calculated strategy to liquidate assets while attempting to maintain anonymity.

Anatomy of the $200 Million Mixin Network Exploit

To understand the significance of this sell-off, one must revisit the original incident. The Mixin Network breach occurred in September 2022. Mixin is a Hong Kong-based decentralized cross-chain transfer protocol. It facilitates asset transfers between different blockchain networks. The attack targeted the network’s cloud service provider database. The exploit resulted in a loss of approximately $200 million in user assets. This figure positioned it among the top ten largest crypto hacks in history at that time.

The stolen assets were not limited to Ethereum. The hacker’s wallet, which remains publicly identifiable on the blockchain, still contains a vast portfolio. Current holdings include:

- 57,849 ETH: Worth approximately $113.4 million at current prices.
- 891 BTC: Valued at roughly $59.7 million.

The two-year dormancy period was unusual. Typically, hackers move stolen funds quickly to avoid tracking and freezing attempts by exchanges and authorities. This prolonged inactivity led some analysts to speculate about the hacker’s circumstances or strategy.

Expert Analysis on Hacker Behavior and Market Impact

Security experts point to several possible reasons for the timing of this sell-off. Firstly, the general cryptocurrency market has shown significant recovery since late 2023. Ethereum’s price has stabilized well above its post-exploit lows. This provides a favorable environment for converting stolen assets into stable currency or other forms of value.

Secondly, the use of Tornado Cash remains a focal point. The protocol was sanctioned by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) in August 2022. This sanction made it illegal for U.S. persons to interact with the service. However, it remains accessible elsewhere. The hacker’s choice demonstrates the ongoing challenge of regulating decentralized privacy tools.

Thirdly, the movement could signal a testing phase. By moving a relatively small portion of the total haul, the hacker may be probing the responsiveness of law enforcement and blockchain surveillance firms. A successful, undeterred transaction might encourage larger moves in the future.

The immediate market impact of selling 2,087 ETH is minimal. Daily Ethereum trading volume regularly exceeds $10 billion. However, the psychological impact is more substantial. It reminds the market of significant, unrecouped losses and the persistent presence of major threat actors.

The Evolving Landscape of Crypto Asset Recovery

The Mixin case highlights the complex, international effort required for crypto asset recovery. Following the 2022 hack, Mixin founder Feng Xiaodong publicly addressed the community. He announced a $20 million bug bounty for the return of the funds. The hacker never responded to this offer.

Since then, asset recovery has become more sophisticated. Firms like Chainalysis, TRM Labs, and CipherTrace now work closely with global law enforcement. Their tools can often track funds even after they pass through mixers like Tornado Cash. This is achieved by analyzing deposit and withdrawal patterns, timing, and amounts.

Furthermore, international coordination has improved. The Joint Chiefs of Global Tax Enforcement (J5) and similar coalitions share intelligence across borders. Major exchanges have implemented stricter Know Your Customer (KYC) and Anti-Money Laundering (AML) checks. These measures can flag and freeze funds linked to known illicit addresses when they attempt to cash out.

The table below summarizes key details of the recent transaction and remaining holdings:

Asset | Amount Moved/Sold | Approx. Value | Destination/Action
Ethereum (ETH) | 2,005 ETH | $3.85M | Transferred to Tornado Cash
Ethereum (ETH) | 2,087 ETH | $4.03M | Sold from new wallets @ ~$1,933/ETH
Ethereum (ETH) – Held | 57,849 ETH | $113.4M | Remaining in hacker’s wallet
Bitcoin (BTC) – Held | 891 BTC | $59.7M | Remaining in hacker’s wallet

Conclusion

The Mixin hacker’s decision to sell 2,087 ETH after two years of inactivity is a significant event in the ongoing narrative of the 2022 exploit. It underscores the persistent threat of dormant stolen funds re-entering the ecosystem. While the direct market impact of this $4 million sell-off is limited, it serves as a stark reminder of the challenges in blockchain security and asset recovery. The movement of funds through Tornado Cash highlights the continuous tension between financial privacy and regulatory oversight. The crypto community and security agencies will undoubtedly monitor the hacker’s remaining $173 million in assets with heightened vigilance, as this activity may signal the beginning of a larger liquidation strategy.

FAQs

Q1: What is the Mixin Network?
The Mixin Network is a decentralized, cross-chain transfer protocol founded in 2017. It enables users to transfer digital assets between different blockchains quickly and with low fees. The network suffered a major security breach in September 2022.

Q2: How much was stolen in the original Mixin hack?
The 2022 exploit resulted in the loss of approximately $200 million worth of user assets. This made it one of the largest cryptocurrency hacks in history at the time.

Q3: What is Tornado Cash and why is it significant here?
Tornado Cash is an Ethereum-based privacy protocol, or “mixer,” that obscures the link between the source and destination of funds. The Mixin hacker used it to try and anonymize the stolen ETH before selling it. Its use complicates tracking efforts by authorities.

Q4: Does this sell-off mean the hacker has been caught?
No. The sell-off indicates the hacker is actively moving funds but does not imply they have been identified or apprehended. The transactions are visible on the public blockchain, but the real-world identity behind the wallet address remains unknown.

Q5: What happens to the remaining $173 million in stolen crypto?
The remaining 57,849 ETH and 891 BTC are still held in the hacker’s known wallet address. Their future movement is uncertain. Security firms and law enforcement will monitor this address closely. Any attempt to move or sell these large sums will trigger alerts across the crypto surveillance industry.

This post Mixin Hacker’s Shocking Return: $4 Million ETH Sell-Off After Two-Year Silence first appeared on BitcoinWorld.




































