CertiK Detects Suspicious Tornado Cash Deposits Tied to Anomalous 0G Labs Withdrawals

The incident involves the withdrawal of approximately 520,000 0G tokens, valued at around $516,000 USD, using a privileged emergencyWithdraw() function.The funds were transferred to the address 0x617E8e3C07bEF319F26C1682270A19e89Ea2bf75 before being routed through Tornado Cash, a privacy tool often associated with obfuscating transaction trails.

According to on-chain analysis shared by independent investigators, the exploiter bridged the stolen 0G tokens to networks like BNB Chain and Ethereum prior to the Tornado Cash deposits.This pattern suggests an attempt to launder the funds, as the attacker used multiple addresses, including 0xF1fAB77c27AEB656EF04D610B8356186c650B74a and 0x1fa71304010Af642067ee284Aae4B48EdfF661E3, to disperse the assets.CertiK's monitoring system flagged the activity as potentially indicative of a security breach or exploit, prompting calls for an official response from the 0G Labs team.As of December 13, 2025, 0G Labs has not yet issued a public statement, leaving the community awaiting clarification on whether this was an internal issue, a hack, or something else.

This event comes amid a broader wave of crypto security incidents. Just hours before, another project, ZEROBASE, suffered a frontend compromise that led to over $240,000 in user losses, including one victim parting with 123,597 USDT.These back-to-back alerts underscore the persistent vulnerabilities in DeFi protocols, with experts recommending users revoke suspicious contract approvals using tools like Revoke.cash to mitigate risks.

What is Tornado Cash?

Tornado Cash is an open-source, non-custodial cryptocurrency mixer (also known as a tumbler) that operates on Ethereum-compatible blockchains to enhance transaction privacy.It works by pooling deposits from multiple users and then allowing withdrawals to new addresses, effectively breaking the on-chain link between the source and destination of funds.his makes it harder for observers to trace transactions, which can be useful for legitimate privacy needs but has also attracted illicit use.

Launched in 2019, Tornado Cash has processed billions in cryptocurrency but faced significant regulatory scrutiny. In August 2022, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned it for facilitating money laundering, including over $7 billion in virtual currency since its inception, some linked to North Korean hacking groups like Lazarus.Despite the sanctions, which were partially lifted or challenged in courts by 2025, usage has evolved, with a noted decrease in overall activity but persistent deposits from high-profile exploits.For instance, recent analyses show exploiters from projects like Arcadia and MuskSwap routing funds through Tornado Cash to obscure trails.

Legal battles surrounding Tornado Cash continue, with co-founder Roman Storm facing a mistrial on money laundering charges in August 2025, though he was convicted on conspiracy to operate an unlicensed money-transmitting business.The tool remains decentralized and permissionless, but its association with hacks has made it a red flag for security firms like CertiK.

Broader Implications

This 0G Labs incident highlights ongoing challenges in blockchain security, particularly for reward contracts that handle significant token volumes. With Tornado Cash's role in potentially laundering the funds, it raises questions about the effectiveness of privacy tools in deterring or enabling exploits.Crypto users are advised to monitor their wallets closely and use audited protocols. As investigations unfold, this could impact 0G's token price and investor confidence in AI-driven blockchain projects. Stay tuned for updates from CertiK and 0G Labs.