Mixin Hacker Resurfaces After 2 Years, Moves to Launder 2,005 Ethereum

The Mixin hacker has resurfaced after two years of dormancy, now making efforts to launder parts of the 59,000 Ethereum stolen from the exploit.

The Mixin network exploiter, who drained about $200 million worth of Ethereum (ETH), Bitcoin (BTC), and other crypto assets from the Hong Kong-based network, appears to have begun laundering the ETH assets, recently transferring 2,005 ETH tokens to Tornado Cash.

Interestingly, the latest transaction originated from the original exploiter address after two years of dormancy and has reduced its Ethereum stash to 57,802 tokens worth $113.58 million at press time. 

Key Points

• The Mixin network hacker has resurfaced after two years of dormancy, with early efforts to launder the Ethereum tokens stolen from the exploit.
• In the latest transaction, the original exploiter address moved 2,005 ETH worth nearly $4 million to crypto mixer Tornado Cash.
• Following the transaction, the hacker now holds 57,802 ETH valued at $133.58 million and 891 BTC worth nearly $60 million.
• The Mixin network hack was a high-profile exploit that drained $200 million worth of crypto assets from the Hong Kong-based P2P network.

Details of the Recent Transactions

The recent transactions were indexed by Lookonchain, a leading blockchain surveillance platform, today. On-chain data confirms that the asset movements began yesterday at 09:22 PM UTC, involving the transfer of exactly 2,005 ETH worth $3.996 million to an unidentified wallet, 0x9…87f.

Note that #MixinHacker, who previously stole $200M, appears to be selling 59,854 $ETH($117M) after 2 years of inactivity!

15 hours ago, he sent 2,005 $ETH($3.85M) to #TornadoCash.

Soon after, 3 new wallets received 2,087 $ETH ($4.03M) from #TornadoCash and sold it at $1,933.… pic.twitter.com/8ujC2Berfz

— Lookonchain (@lookonchain) February 13, 2026

Interestingly, the wallet is relatively new, with the 2,005 ETH transfer being its first transaction. Barely a minute after receiving the tokens, 0x9…87f started moving the tokens to Tornado Cash in batches of 100 ETH transactions each. The address made 20 of these transfers to Tornado Cash, totaling 2,000 ETH. Currently, it has retained 5 ETH tokens. 

Meanwhile, Lookonchain found that, shortly after the transfers to Tornado Cash, three new wallets purportedly connected to the Mixin hacker emerged and received a total of 2,087 ETH tokens from Tornado Cash across multiple transactions of about 99 ETH each. The wallets sold all the tokens for $4 million in DAI.

At press time, the Mixin network hacker still holds 57,802 ETH tokens worth $133.58 million. Meanwhile, the Bitcoin address recorded no new movements during this time, remaining dormant since receiving 891 BTC during the September 2023 exploit.

The Mixin Hack

For the uninitiated, the Mixin Network hack ranks among the largest crypto thefts of 2023. The breach targeted the Hong Kong-based peer-to-peer digital asset platform. On Sept. 23, 2023, attackers infiltrated the database of Mixin’s cloud service provider, compromising the network’s mainnet hot wallets.

Mixin confirmed the incident two days later, stating that the attack led to losses initially estimated at about $200 million. The platform immediately suspended deposit and withdrawal services while keeping peer-to-peer transfers active. 

How the Hack Occurred

Notably, the attackers exploited a centralized cloud database that handled user accounts, session management, and hot wallet access. Although Mixin used a custom kernel with a directed acyclic graph structure for cross-chain transfers, the reliance on centralized infrastructure created a single point of failure. 

After breaching the database, the hackers gained access to hot wallet controls and executed thousands of transactions to extract the funds.

On Ethereum, the attackers drained 59,808 ETH through more than 10,000 transactions across over 11,400 wallets. They also transferred 891 BTC in three transactions from 127 wallets. In addition, they removed 23.57 million USDT and quickly swapped it for DAI on decentralized exchanges. 

Total tracked losses reached roughly $144.1 million, with other assets bringing Mixin’s internal estimate closer to $200 million. Investigators linked portions of the funds to wallets previously associated with the Lazarus Group. Notably, the ETH and BTC assets remained dormant until the recent 2,005 ETH transfer.