Blockchain security firm Peckshield says an apparent exploit of the Hedera network has seen $5.25 million in stolen funds bridged to Ethereum. The attacker’s wallet, first funded through the crypto mixer Tornado Cash, holds roughly $5.25 million in ether and wrapped bitcoin.Key TakeawaysPeckshield flagged $5.25M bridged from Hedera to Ethereum on July 11 after a suspected mainnet exploit.The attacker holds 2,360 ETH ($4.25M) and 15.58 WBTC ($1M) in a wallet seeded with 1 ETH from Tornado Cash.Hedera had not confirmed the breach at press time; HBAR traded near $0.070 as sleuths track the funds. The Numbers Are Finally Starting To Emerge Peckshield reported that the Hedera network had been exploited, citing findings first surfaced by security analyst Specter. According to the alert, $5.25 million in stolen funds has already been moved from Hedera’s mainnet to Ethereum. The attacker originally funded their wallet with 1 ETH drawn from Tornado Cash, a mixing service that obscures the trail of crypto transactions. The wallet now holds about 2,360 ETH worth $4.25 million and 15.58 wrapped bitcoin (WBTC), a tokenized version of bitcoin that trades on Ethereum, valued near $1 million. Onchain data showing the funds compromised in the exploit being moved. Hedera has not publicly confirmed the incident as of now, and the full scope of the theft beyond the bridged funds remains unclear. HBAR, the network’s native token, traded near $0.07 on July 11, down nearly 3% over the last 24 hours. The muted price reaction seems indicative of how early the situation is, as neither the attack vector nor the affected applications have been identified publicly, and it is not yet known whether user accounts or protocol-level liquidity took the loss. A Playbook That Has Been Seen Before The pattern of seeding a wallet through a mixer, striking, then bridging the loot to Ethereum has become a standard playbook in recent years. In fact, cross-chain bridge exploits topped $328 million in the first five months of the year, with Bitcoin.com News reporting several such incidents over the past month. Most recently, an attacker flipped $11.5 million in stolen Verus assets to ether using an almost identical Tornado Cash setup. It is also not Hedera’s first security incident given that in March 2023, attackers exploited the network’s smart contract service to drain liquidity pool tokens from decentralized exchanges including Saucerswap, Pangolin and Heliswap. That attack netted under $600,000, and the network shipped a fix within 41 hours of discovery, a response time the current episode will be measured against. Over the coming day, all eyes will be on Hedera’s team and how it handles the situation, especially since they haven’t even confirmed the breach yet. Moreover, it will be interesting to see whether the attacker begins cycling the 2,360 ETH back through Tornado Cash. Until then, the $5.25 million sits in a wallet every onchain sleuth in the industry is now watching.