Cork Protocol Exploiter Resurfaces, Launders $11M and Donates to Tornado Cash Defense Fund

On Wednesday, June 25, blockchain security firm PeckShield Alert flagged renewed activity from wallet addresses linked to the Cork Protocol hack. These movements mark the first since the May 28 attack , which saw the decentralized finance (DeFi) platform drained of approximately 3,761 wrapped staked ETH (wstETH).

#PeckShieldAlert #CorkProtocol Exploiter 2 – labeled address has transferred a total of 4,520 $ETH (worth ~$11M) to #TornadoCash & donated 10 $ETH to #Juicebox : Free Alexey & Roman (Tornado Cash developers’ legal fund) https://t.co/ITTET3M1Ak

— PeckShieldAlert (@PeckShieldAlert) June 25, 2025

According to PeckShield, the exploiter began by transferring 1,410 ETH — worth roughly $3.2 million — to Tornado Cash, a privacy-focused crypto mixer often used to obscure the origins of stolen assets. This was followed by an additional 3,110 ETH transfer, bringing the total laundered to 4,520 ETH, or around $11 million at current market rates.

In a surprising turn, the attacker also sent a 10 ETH donation to a Juicebox crowdfunding campaign supporting the legal defense of Tornado Cash developers, Alexey Pertsev and Roman Storm. Both developers are currently facing legal action over the platform’s use by cybercriminals and sanctioned entities.

While the motive behind the donation remains unclear, it has added a new layer of complexity to Cork Protocol’s ongoing recovery efforts. Earlier this month, the protocol stated that it remains committed to asset recovery and is collaborating with security partners. However, the recent laundering through Tornado Cash could further complicate the tracking and retrieval of stolen funds.

The original breach targeted Cork’s wstETH:weETH market, exploiting two sophisticated flaws in the protocol’s code. The attacker reportedly deployed a malicious hook to bypass validation checks and quickly moved the assets through the 1inch exchange aggregator, effectively obfuscating their trail.

As investigations continue, Cork Protocol has promised to strengthen its defenses to prevent similar exploits in the future.

If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter , LinkedIn , Facebook , Instagram , and CoinMarketCap Community.

“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”