What Does It Mean When Dexx Funds Are All Laundered Through Tornado Cash?

/Jul 25, 2025

Key Takeaways

• Tornado Cash uses zk-SNARKs to break traceability between wallet addresses, making it a go-to tool for laundering stolen crypto.

• Despite U.S. sanctions in 2022, Tornado Cash operates via immutable smart contracts, which courts recently ruled can’t be sanctioned.

• Forensic analysis may still uncover hacker traces before funds enter Tornado, such as centralized exchange deposits or IP data.

• Previous cases like Ronin and Wormhole show that partial recoveries are possible with exchange cooperation and good timing.

• Dexx’s transparency sets it apart from total exit scams, with plans underway for compensation — but trust is already shaken.

• The real takeaway: not your keys, not your coins. Use a hardware wallet to protect your assets from the next disaster.

Over $100 million stolen. After 33 days, the hacker chose the path of no return.

All user funds from Dexx have been funneled into a decentralized mixer protocol—Tornado Cash—to anonymize transactions. In simpler terms: they’ve been laundered.

What is Tornado Cash?

Tornado Cash is a decentralized privacy protocol.

It uses zero-knowledge proofs (zk-SNARKs) to break the link between source and destination addresses. By pooling funds into a common contract and allowing users to withdraw to new addresses, it creates strong on-chain anonymity.

That makes it an ideal tool for laundering crypto assets.

In 2022, the U.S. Treasury added Tornado Cash to its sanctions list, banning American citizens and entities from interacting with it. But since the protocol is run by immutable smart contracts on a decentralized blockchain, not even a government can shut it down.

In fact, a U.S. court recently overturned the sanctions, ruling that Tornado Cash’s immutable smart contracts do not constitute a “foreign entity or property,” and thus can’t be sanctioned.

Can the Funds Still Be Recovered?

It depends.

While Tornado Cash effectively severs the trail of on-chain transactions, there may still be forensic traces before the mixing. Think of it like a plane crash investigation—if you dig through enough wreckage, you might uncover the truth. But it takes time and effort.

According to SlowMist:

“Technical analysis shows clear signs of external intrusion, including malware artifacts. With Dexx's permission, a full incident report could be made public.”

Source: @evilcos on X (Twitter)

Hackers often leave footprints, especially during the prep phase:

They may top up via centralized exchanges
Their cross-chain behavior can expose patterns
Even IP addresses or browser fingerprinting might help

With the right tools and cooperation from exchanges and law enforcement, there’s still a chance to trace the perpetrator and recover assets.

Historical Cases: Tornado Wasn’t Always the End

✅ Case 1: Ronin Bridge Hack – Partial Recovery

In 2022, the Ronin bridge (linked to Axie Infinity) was exploited for $624 million.

Some stolen funds were sent to Tornado Cash, but Chainalysis and U.S. agencies tracked activity and identified attempted withdrawals to centralized exchanges—leading to asset freezes and partial fund recovery.

✅ Case 2: Wormhole Hack – Hacker Identified

The Wormhole exploit in the same year resulted in $326 million in losses.

Forensics teams discovered the hacker deposited a small amount of funds to Coinbase before using Tornado. Thanks to Coinbase’s KYC policies, investigators identified the attacker and successfully retrieved a portion of the funds.