An exploiter-labeled address linked to the decentralized finance (DeFi) protocol Unizen hack has transferred 865.4 Ether (ETH), worth approximately $2.16 million, to Tornado Cash.

Blockchain security firm PeckShield flagged the exploiter’s transfer to the mixing service on Aug. 7, revealing the first movement of the stolen funds since March 8.

Around the time of the hack, Unizen announced that users who lost $750,000 or less would be reimbursed, with refunds beginning March 11.

Cointelegraph contacted Unizen for comment on the situation but did not receive a response before publication.

Unizen hacker transfers $2.1M stolen funds to Tornado Cash image 0 Source: PeckShieldAlert

Related: DeFi protocol Unizen to provide ‘immediate reimbursement’ after $2.1M hack

Funds moved to Tornado Cash

On Aug. 7, stolen funds, including the Maker Protocol stablecoin Dai ( DAI), began to leave the exploiter wallet for the first time since the Unizen hack 151 days ago.

At 04:12 am UTC, 500,000 DAI was sent out, followed by a further outflow of 1,679,859 DAI, bound for an unknown wallet (0x8660…84d7).

From 04:14 am UTC, the exploiter began converting the 2,179,859 DAI into 863.67 ETH. Following that, the exploited started  sending out the ETH from 05:35 am UTC to Tornado Cash via 26 separate transactions.

Unizen hacker transfers $2.1M stolen funds to Tornado Cash image 1 Funds being shifted to Tornado Cash by the exploiter. Source: Etherscan

Related: DAO Maker hack victims still await reimbursement 3 years later

Stolen funds reimbursement

On March 11, Unizen announced that the firm’s CEO, Sean Noga, had loaded funds to the company to facilitate refunding lost funds back to victims of the $2.16 million hack.

The announcement explained that returned funds would be in Tether ( USDT ) or Circle USD ( USDC ).

For users who lost more than $750,000 during the hack, the DeFi protocol explained that they would handle those victims on a case-to-case basis.

Related: Old Dolomite exchange contract suffers $1.8M loss from approval exploit

Post-hack security measures

Following the exploit in March, Unizen’s chief technology officer, Martin Granström, stated on X that the firm was collaborating with third-party security firms and law enforcement to identify the hacker.

Granström announced that the firm would share an incident report and invest more in security in the future.

Magazine: Clicker games to fade post-airdrop, Is Hamster Kombat any good? Web3 Gamer