What Just Moved From the 2023 Exploit?
A wallet linked to the $200 million exploit of Mixin Network in September 2023 has resumed activity after nearly two years of dormancy, sending 2,005 ETH to privacy mixer Tornado Cash. The transfer, valued at roughly $3.85 million, was flagged by blockchain analytics account Lookonchain.
Shortly after the transfer, three newly created wallets received a combined 2,087 ETH from Tornado Cash and sold the tokens at around $1,933 per ether, according to the same onchain analysis. The timing suggests an effort to convert part of the long-held funds into liquid proceeds following a lengthy pause.
Despite the recent movement, the original wallet still holds 57,849 ETH and 891 BTC, based on publicly visible data from Arkham. At current prices, that remaining balance is valued at well over $170 million, indicating that only a small portion of the stolen assets has been routed through the mixer so far.
Investor Takeaway
What Happened in the Mixin Network Breach?
Mixin Network disclosed in September 2023 that its cloud service provider’s database had been compromised, leading to the loss of roughly $200 million in digital assets. The stolen haul included 59,854 ETH, 891 BTC, and around $23.57 million in USDT. The stablecoins were later swapped for DAI.
Following the breach, Mixin temporarily suspended deposit and withdrawal services. The project said it contacted Google and blockchain security firm SlowMist to assist with the investigation. In an onchain message, Mixin’s leadership also offered a $20 million bounty to the attacker.
The incident triggered broader questions about infrastructure design and operational controls. Some users raised concerns over the project’s decentralization claims after it emerged that a cloud database compromise could result in such a large asset loss.
Why Use Tornado Cash After a Long Dormancy?
Onchain attackers frequently leave stolen funds untouched for extended periods before attempting to move or launder them. This strategy can reduce immediate scrutiny and allow legal and regulatory attention to shift elsewhere before funds are mixed or transferred.
Tornado Cash, a privacy-focused Ethereum mixer, has long been used to obfuscate the origin of funds by pooling and redistributing deposits. Although transactions remain visible on public blockchains, the mixing process complicates straightforward tracing between sender and recipient addresses.
In this case, the quick movement from Tornado Cash into newly created wallets, followed by sales at market prices, indicates at least part of the goal was conversion rather than long-term concealment. The remaining large balances in the original wallet suggest further activity remains possible.
Investor Takeaway
How Does This Fit Into the Broader Hack Landscape?
The Mixin exploit adds to a growing list of major crypto breaches in recent years. According to blockchain analytics firm Chainalysis, more than $3.4 billion worth of cryptocurrency was stolen in 2025 alone. That total included a record $1.5 billion compromise at Bybit and a wider increase in attacks targeting centralized services and individual wallets.
While not all stolen funds are immediately liquidated, the reactivation of dormant wallets serves as a reminder that historical breaches can continue to ripple through markets. Even years after an exploit, holders and exchanges may face renewed monitoring and compliance scrutiny when long-idle addresses become active.
