Blockchain security firm CertiK has uncovered a new twist in the Remilia DAO hack from March. According to their report, the stolen crypto assets, worth approximately $4.3 million, have been funneled through Tornado Cash.

For those unfamiliar, Remilia is a Decentralized Autonomous Organization (DAO) responsible for the Milady Maker non-fungible token (NFT) collection. Back in March, hackers infiltrated their system and made off with a significant amount of Ether (ETH) and NFTs.

CertiK’s recent analysis traced the stolen funds to multiple addresses linked to the Remilia hack. These addresses ultimately led to a deposit of 1,209.5 ETH, equivalent to $4.3 million at the time of writing, into Tornado Cash.

Tornado Cash is a cryptocurrency mixing service designed to enhance anonymity for transactions. It works by muddling the trail of funds, making it difficult to track the origin and destination of cryptocurrencies that pass through it.

This development throws a wrench into efforts to recover the stolen assets. While blockchain transactions are typically public, Tornado Cash throws up a significant roadblock for investigators.

The Remilia exploit serves as a stark reminder of the vulnerabilities present in the DeFi (Decentralized Finance) space. DAOs and other DeFi projects often hold substantial treasuries, making them attractive targets for hackers.

The use of Tornado Cash by the Remilia hacker further emphasizes the challenges associated with tracing and recovering stolen cryptocurrencies. As regulatory landscapes evolve, finding ways to address these challenges while preserving the core principles of DeFi will be crucial for the industry’s long-term success.