In a major development shaking the cryptocurrency community, the wallet linked to the 2023 Mixin Network exploit—responsible for stealing approximately $200 million—has sprung back to life after over two years of complete dormancy. On February 13, 2026, onchain data revealed the hacker initiating transfers, marking the first significant activity since the breach.
Blockchain monitoring firm Lookonchain first flagged the movements. The hacker transferred 2,005 ETH, worth roughly $3.85 million at the time, directly to Tornado Cash, a privacy-focused mixing protocol that anonymizes transaction trails by pooling and redistributing funds. Hours later, three newly created wallets received a total of 2,087 ETH—valued at about $4.03 million—from Tornado Cash. These wallets quickly sold the Ethereum at an average price of $1,933 per token, suggesting a deliberate strategy to liquidate portions of the stolen assets while obscuring origins.
The 2023 hack targeted Mixin Network, a decentralized cross-chain wallet and transfer protocol popular in Asia. Attackers compromised the platform’s cloud service provider database, draining user funds in Ethereum (ETH), Bitcoin (BTC), and stablecoins. At the time, the theft totaled around $200 million, prompting Mixin to suspend all deposits and withdrawals. The company later pledged to compensate affected users through bond tokens and offered a bounty to the hacker for returning funds— an offer that went unanswered.
For over two years, the primary hacker wallet remained untouched, holding the bulk of the illicit assets as cryptocurrency markets fluctuated. Hackers often lie dormant to evade detection, waiting for favorable conditions like rising prices or reduced scrutiny before cashing out. The recent ETH price stability around $1,900–$2,000 may have provided an opportune moment.
As of the latest data, the hacker’s address still controls substantial holdings: 57,849 ETH (approximately $113.4 million) and 891 BTC (around $59.7 million). This leaves over $170 million in potential value at risk of further movement. The initial transfers total less than 4% of the remaining ETH, indicating this could be the start of a broader liquidation process.
The use of Tornado Cash raises red flags. While the protocol aims to enhance privacy for legitimate users, it has been frequently exploited for money laundering and is sanctioned by the U.S. Treasury. Analytics firms can sometimes trace mixed funds through patterns, but it significantly complicates investigations.
This resurgence underscores persistent vulnerabilities in the crypto ecosystem. Even years after major exploits, stolen funds can resurface, impacting market sentiment and highlighting the challenges of recovery. Mixin Network, which resumed limited operations post-hack, has not yet commented on the latest activity. The crypto community and law enforcement will likely monitor the wallet closely for additional transfers.
Events like this serve as a reminder for users to prioritize self-custody and robust security practices in decentralized finance.