logo
Back to News
Voltage Finance Exploiter Moves Funds to Tornado Cash

Voltage Finance Exploiter Moves Funds to Tornado Cash

DeFi Security

Voltage Finance Exploiter Moves Funds to Tornado Cash

A hacker responsible for the $4.67 million exploit of Voltage Finance in 2022 has reactivated their activity. Blockchain security firm CertiK reported that 100 ETH (approximately $182,783 at the time of reporting) was transferred to Tornado Cash from an address linked to the original exploit. This follows a period of inactivity since November 2022.

CertiK’s analysis indicates the exploit leveraged a "built-in callback function" vulnerability in the ERC677 token standard, resulting in a successful reentrancy attack that drained Voltage Finance's lending pool. This attack allowed the hacker to repeatedly withdraw funds before the platform could update its balance.

The initial breach in March 2022 involved the theft of various crypto assets, including USDC, BUSD, WBTC, and ETH, as reported by Voltage Finance. Following the exploit, Voltage Finance engaged in attempts to recover funds and contacted exchanges requesting the blocking of transactions associated with the attacker's address.

Second Voltage Finance Exploit

Voltage Finance experienced a second exploit on March 18, 2023, impacting its Simple Staking pools and resulting in $322,000 in losses. In their post-mortem report, Voltage Finance detailed offering a bounty to the hacker and investigations involving a possible developer who may have been involved.

Codeum's Role in Blockchain Security

Incidents like the Voltage Finance exploit highlight the critical need for robust security measures in DeFi. Codeum offers comprehensive blockchain security services, including:

  • Smart contract audits
  • KYC verification
  • Custom smart contract and DApp development
  • Tokenomics and security consultation
  • Partnerships with launchpads and crypto agencies

By proactively addressing security vulnerabilities, Codeum helps projects build secure and resilient blockchain applications. Contact us today to learn how we can assist you.

April's Crypto Losses

April 2025 saw a significant spike in cryptocurrency losses, totaling $92 million. While the majority stemmed from a single, large social engineering attack targeting an elderly US individual ($330.7 million in Bitcoin), excluding this case, losses still increased by 21% compared to March.

However, there were also instances of funds being returned. The hacker behind the $7.5 million KiloEx exploit returned $5.5 million, and the ZKSync Association recovered $5 million worth of stolen tokens. These cases demonstrate the varied landscape of security incidents and recovery efforts in the crypto space.

Tags

#Voltage Finance#Tornado Cash#DeFi Exploit#Reentrancy Attack#Blockchain Security#Smart Contract Audit#Cryptocurrency Security#ETH#CertiK
Share this article

Related News

GMX Exploit: $42M Hack & Token Plunge
DeFi Security

GMX Exploit: $42M Hack & Token Plunge

WhiteRock Founder Arrested in $30M ZKasino Scam
DeFi Security

WhiteRock Founder Arrested in $30M ZKasino Scam

$8.3M Exploit on Alex Protocol: Full Reimbursement Planned
DeFi Security

$8.3M Exploit on Alex Protocol: Full Reimbursement Planned