TL;DR
- On March 16, several Remilia wallets were compromised.
- The hackers stole a total of 844 ETH and other assets worth 544 ETH.
- The funds were transferred to Tornado Cash, making them difficult to trace.
On March 16, a major security incident affected Remilia, the founder of Milady Maker and other related projects.
Several Remilia digital wallets were compromised, apparently due to a vulnerability in their BitWarden account.
We have seen a deposit of a total of 1209.5 ETH (~$4.3M) into https://t.co/0lwPdz0OWi that was traced to multiple compromised addresses in the Remilia incident on Mar 16th.
To learn more about the incident and other major private key compromises in March,… pic.twitter.com/ycPgPbPwGf
— CertiK Alert (@CertiKAlert) June 17, 2024
This security breach allowed attackers to access multiple wallets, resulting in the theft of 300 ETH and several additional assets valued at 544 ETH, including REMIO and MILADY NFTs.
The list of affected wallets includes addresses such as remiliacollective.eth, charlemagnefang.eth, remiliadao.eth, among others.
The attack also affected Remilia’s multisig wallet, which initially required 3 out of 4 signatures to approve transactions, a security measure that was later increased to 4 out of 4 signatures.
However, the attackers had already obtained the private keys of all signatories, allowing them to drain this wallet of all its funds.
After the theft, the assets were divided and distributed among several new addresses.
The first exploited wallet sold several NFTs and distributed 844.8 ETH, approximately $3 million, between two new wallets.
The second exploited wallet, known as 0x8ac, received an additional 211 ETH and, after the sale of more NFTs, accumulated a total balance of 492 ETH, equivalent to $1.7 million.
Movement of Funds from Remilia to Tornado Cash
The situation was further complicated when the attackers began moving the stolen funds to Tornado Cash, a cryptocurrency mixer known for its ability to obfuscate transactions and make assets difficult to trace.
According to reports from blockchain analysis company CertiK, a deposit of 1,209.5 ETH, valued at approximately $4.3 million, was detected in Tornado Cash from addresses compromised in the Remilia incident.
This move was made about three months after the initial attack, underscoring the patience and meticulous planning of the attackers.
The use of cryptocurrency mixers like Tornado Cash poses serious challenges for financial crime investigations in the world of cryptocurrencies.
The Remilia community and those responsible for the project have been working hard to mitigate the damage and recover funds, although the path appears complicated due to the advanced techniques used by the attackers.
