When a Kraken and Coinbase account holder lost $6.7 million on Wednesday, the exploit wasn’t a smart contract bug or a phishing email. On-chain evidence points to a physical attack—someone likely forced the victim to initiate withdrawals from both major exchanges, according to the original report by analyst Specter.
The attacker moved quickly. Kraken processed the withdrawal of 1,554 ETH—worth roughly $3.3 million at the time—and 10.5 BTC. From Coinbase, 34.1 cbBTC were pulled out, amounting to about $2.6 million. The total haul across the two accounts reached $6.7 million, and what happened next reveals the laundering mechanics still available to criminals despite years of enforcement action.
Specter traced the outflow to a familiar destination. $5.3 million of the stolen funds were deposited into Tornado Cash, the Ethereum-based privacy mixer that has remained operational even after the U.S. Treasury’s Office of Foreign Assets Control sanctioned it in August 2022. The attackers used the mixer to obfuscate the transaction trail, a method that still works because Tornado Cash’s smart contracts continue to run on decentralized infrastructure beyond any single point of control.
The speed of the withdrawals suggests the victim’s accounts were accessed directly, rather than through a slow credential theft. Physical coercion—often called a “wrench attack” in crypto circles—bypasses every layer of exchange security because it targets the user, not the platform. Neither Kraken nor Coinbase would see any unusual login pattern if the transaction originated from an already authenticated device under duress.
This incident adds to a sparse but persistent pattern of real-world violence targeting cryptocurrency owners. Unlike bank wires that can be reversed or insured, on-chain transfers are final by design. For an attacker, forcing a victim to send assets from a custodial exchange is faster than navigating hardware wallet seed phrases. It also avoids the technical complexity of stealing private keys.
What makes the case more disturbing is the dual-exchange execution. The attacker likely knew the victim held significant balances across both Kraken and Coinbase, indicating either prior surveillance or inside information. That precision suggests a targeted operation rather than a random mugging. And the use of cbBTC—Coinbase’s wrapped Bitcoin on Ethereum—implies familiarity with DeFi rails and the value of assets beyond native BTC on the Bitcoin network.
The laundering choice underscores a regulatory gap. Despite OFAC sanctions and pressure on Ethereum validators to exclude Tornado Cash transactions, the mixer processed over $5 million in a single incident this week. Frontend blocking and RPC censorship are trivial to circumvent, leaving only the underlying smart contract layer as the ultimate enforcement frontier. That debate, however, remains stalled in courts and within protocol governance forums.
Washington lawmakers are arguing over crypto market structure and bank opposition to a landmark Senate bill, a fight that intensified just days before a critical vote on the biggest crypto bill in US history. Incidents like this physical attack highlight that user protection often falls outside the scope of legislative proposals. No amount of exchange-level KYC or travel rule compliance can stop a person from being physically compelled to authorize a transfer.
Specter’s on-chain analysis identifies the flows but not the identity of the attackers or the exact circumstances of the coercion. It is unknown whether law enforcement has been notified, whether the victim survived the encounter, or whether any of the funds will be marked and blacklisted by exchanges and compliance tools. Neither Kraken nor Coinbase has publicly commented on this specific event, and in physical coercion cases, liability almost always shifts away from the platform.
For now, the $5.3 million sitting inside Tornado Cash may cycle through the mixer’s anonymity pool, eventually emerging in smaller, fragmented outputs. The remaining $1.4 million could already be in alternative laundering pipelines. What’s clear is that the intersection of physical security and crypto wealth management has become an operational risk that few investors adequately address—and one that exchanges are structurally unable to mitigate.


