Mixin Network’s 2023 exploit is back in focus after an attacker linked wallet moved 2,005 ETH into Tornado Cash following nearly two years of inactivity.
Key Takeaways
- A wallet tied to the September 2023 Mixin Network exploit sent 2,005 ETH worth about $3.85 million into Tornado Cash after nearly two years of dormancy.
- Onchain tracking accounts said new wallets later received mixed ETH and sold tokens around $1,933 per ETH, suggesting an attempt to cash out.
- The attacker wallet still holds large balances, including 57,849 ETH and 891 BTC, keeping pressure on the story for users and investigators.
What Happened?
Onchain watchers flagged new activity from a wallet linked to the roughly $200 million Mixin Network exploit. The wallet sent 2,005 ETH to Tornado Cash, reviving concerns about how much of the stolen crypto could still be moved and sold.
🚨 MistTrack Alert 🧐
— MistTrack🕵️ (@MistTrack_io) February 13, 2026
The hacker behind the 2023 ~$200M exploit of #Mixin (0x52E86988bd07447C596e9B0C7765F8500113104c) became active again ~16 hours ago.
So far:
👉 2,005 $ETH sent to 0x9cba859288fa0b4ec43ebb90bb64a9dbbddc787f;
👉 That address subsequently routed 2,000 $ETH… pic.twitter.com/jPJNugrcm0
The Dormant Mixin Hacker Wallet Moves Again
A wallet tagged by Arkham Intelligence and tracked by accounts such as Lookonchain resumed activity after nearly two years, pushing 2,005 ETH into Tornado Cash. In another observed flow, funds first moved from the hacker wallet into a fresh address and then went to Tornado Cash in multiple transactions.
The timing stood out because the attacker wallet had been largely quiet since the original breach in September 2023. The latest movement was flagged around February 12, 2026, marking one of the first meaningful transfers from the address in a long stretch.
What Onchain Data Shows After the Tornado Cash Deposit?
Lookonchain reported that shortly after the mixer deposit, three newly created wallets received a combined 2,087 ETH from Tornado Cash and sold the tokens at around $1,933 per ETH. The pattern, fresh wallets followed by quick sales, is often associated with efforts to turn mixed funds into liquid proceeds.
Even after the latest transfers, the attacker controlled wallet still holds 57,849 ETH and 891 BTC, based on Arkham tracked balances. At the rough prices cited in the reports, that stash is still worth well over $170 million, meaning only a slice of the alleged stolen funds has been routed through the mixer so far.
Recap of the 2023 Mixin Network Exploit
Mixin Network disclosed in September 2023 that its cloud service provider database had been attacked, leading to the loss of about $200 million in assets. The stolen haul included 59,854 ETH, 891 BTC, and around $23.57 million in USDT, which was later swapped for DAI.
After the breach, Mixin temporarily suspended deposits and withdrawals and said it contacted Google and blockchain security firm SlowMist to help with the investigation. Mixin’s leadership also posted an onchain message offering a $20 million bounty to the attacker.
The incident also triggered debate about infrastructure choices. Some users questioned how decentralized the project really was if a cloud database compromise could lead to such a large loss.
Mixin’s User Repayment Update and Debt Tokens
Mixin later described a compensation plan that included partial repayment and claims for the remainder. In an October 2025 update, the team wrote:
The team said it intends to fully repay debt represented by MDTu, worth about $23 million, by September 23, 2026, but added there was no repayment schedule for MDTb and MDTe.
Mixin also continued operating after the exploit and has said it has more than $1 billion in assets under management and more than 1 million customers across its wallet, custody, and trading infrastructure products.
A Bigger Pattern in Crypto Hacks
Long dormancy is not unusual in major exploits. Attackers often leave funds untouched for months or years before trying to launder them through mixers and other obfuscation tools.
Mixin’s case also lands in a broader wave of crypto theft. Chainalysis said more than $3.4 billion in cryptocurrency was stolen in 2025, driven in part by a record $1.5 billion compromise at Bybit and rising attacks on centralized services and individual wallets.
CoinLaw’s Takeaway
I found the two year silence followed by a clean Tornado Cash deposit to be the most telling part of this story. In my experience, hackers wait until attention fades, then test the waters with a smaller move before scaling up. The uncomfortable truth is that the huge balances still sitting in that wallet act like a shadow over the whole incident. Even if only a portion gets sold, it can create sudden bursts of selling pressure, fresh compliance scrutiny, and new anxiety for affected users who thought the worst was over.
