#balancerattackerresurfacesafter5months Bitcoin NewsblockchainreporterMEXC

🔴 What’s happening

The attacker behind the Balancer exploit has reappeared after ~5 months of inactivity and started moving funds again.

The hacker moved ~1,100 ETH (~$2.5–2.6M) in a short time

Funds are being converted from ETH → BTC

The swaps are happening via THORChain (blockchainreporter)

🧠 Why this matters

This isn’t just a random transfer—it’s a classic laundering phase:

After staying dormant for months, attackers often wait until:

Attention fades

Tracking pressure reduces

Then they start gradual fund movement to avoid detection

Here, the attacker is:

Splitting transactions into smaller chunks

Using cross-chain swaps to break traceability

Moving into Bitcoin for higher liquidity and anonymity layers (BitcoinWorld)

⚠️ Bigger concern for DeFi

This highlights a structural issue:

Cross-chain protocols like THORChain allow swaps without centralized KYC

That makes them attractive for:

Hackers

Sanctions evasion

Investigators struggle because funds are:

Fragmented

Moved across chains rapidly (@IntellectiaAI)

💥 Context: the original exploit

The attacker originally stole ~$120M+ from Balancer

Most of those funds are still not fully recovered (Bingx Exchange)

📊 Market impact (real talk)

Right now, this kind of movement:

❌ Doesn’t crash the market

❌ Doesn’t kill DeFi

✅ But keeps security fears alive

It reinforces:

“Funds aren’t gone—they’re waiting to be laundered”

DeFi still has post-exploit risk overhang

🧠 Bottom line

This is phase 2 of a hack: laundering, not hacking

The attacker is still active and methodical

It’s a reminder that:

Time ≠ safety in crypto exploits

Stolen funds can resurface anytime

If you want, I can break down whether this could impact tokens like BAL, AAVE, or overall DeFi TVL in the short term.