Gravity Bridge attacker deposits 1,180 ETH into Tornado Cash again
According to on-chain security firm CertiK (@CertiKAlert), the Gravity Bridge attacker recently deposited another 1,180 ETH (approximately $2.06 million) into Tornado Cash.
Earlier, on May 30, the attacker exploited the permissionless deployERC20() function by forging the Osmosis token string, tampering with the token registry, and mapping fake balances to real custodial assets—thereby stealing approximately 2,600 ETH (around $5.4 million) from Gravity Bridge. To date, 2,020 ETH of the stolen funds have been transferred to Tornado Cash via two externally owned accounts (EOAs); the remainder has been dispersed across centralized exchanges, making fund recovery significantly challenging.