Voltage Finance hacker is active again: stolen ETH sent via Tornado Cash
Date: 2025-05-07 Author: Gabriel Deangelo Categories: BUSINESS
Blockchain security company CertiK has detected suspicious activity: 100 ETH, equivalent to approximately $182,783, was withdrawn from an address previously involved in the Voltage Finance hack. According to Etherscan, the address had been inactive for more than five months, with the last transaction dating back 166 days.
The initial hack occurred in March 2022, when the attacker exploited a vulnerability in the ERC-677 token callback function. He carried out a reentrancy attack, draining the platform's lending pool. It was later revealed that USDC, Binance USD (BUSD), ETH, and wBTC were stolen. Voltage Finance then flagged the hacker's address on Etherscan and asked crypto exchanges to block any transactions with it. The platform team also tried to establish contact with the hacker, offering a reward in exchange for the return of assets.
Three years later, on March 18, 2025, the platform was hit again - this time the attack affected Simple Staking pools. As a result of the attack, $322,000 worth of cryptocurrency was stolen. Two days later, on March 20, Voltage Finance made an official offer to the hacker: $50,000 if he agreed to return the assets.
The project team also reported that they suspected one of the developers who had access to the pool of possible involvement in the attack. Although no direct evidence was presented, the suspect's access was immediately restricted. Currently, cooperation is underway with law enforcement agencies and large centralized exchanges to investigate the incident.
In the crypto world, such cases often end with a refund: the hacker who attacked the ZKsync protocol in April returned 90% of what he stole, keeping part of it as a “reward.” The attacker who hacked the decentralized exchange KiloEx did the same, returning part of the assets to the platform.
