$3 000 USD

APRIL 2025

GLOBAL

UNKNOWN

DESCRIPTION OF EVENTS

Laundromat is a decentralized Ethereum mixer developed by BitBoost, allowing users to anonymize their Ether transactions by participating in mixing sessions. In these sessions, a fixed number of users send a set amount of ETH to a smart contract, and after all participants have joined, each can withdraw the same amount to a different address, effectively breaking the link between sender and recipient. The mixer leverages ring signatures, a cryptographic technique inspired by Vitalik Buterin’s early work, to enhance privacy. The project is open-source, available via GitHub, and can be accessed through a downloadable app or a web-based interface using MetaMask.

 

The FAQ clarifies technical requirements and limitations: users can run the mixer using MetaMask or a local Ethereum node with RPC enabled. Funds may remain locked if the required number of participants isn't reached, though dummy participants can be created (with limited privacy effectiveness). The code is written in JavaScript with Solidity contracts, and no binary installation is needed since it runs directly in the browser. Users are advised to review the source code or seek expert audits for security, as even the developer acknowledges the experimental nature of the cryptographic techniques used.

 

Community reactions are generally positive but cautious. A quote from Vitalik Buterin emphasizes the importance of using well-audited cryptography, especially for high-value transactions, suggesting Laundromat is best suited for low-value, experimental use cases. Concerns are raised about the quality of privacy depending on participant diversity—if only questionable sources use mixers, it might taint otherwise clean tokens. The BitBoost team responds by noting that Laundromat is part of a broader initiative to improve Ethereum's privacy infrastructure, with hopes that increasing adoption will bring more legitimacy and utility to such tools.

 

Unfortunately, the smart contract launched by poofknuckle had a vulnerability.

 

Technical details of the vulnerability have not been announced. TenArmor described the smart contract as "free money lying on the floor", so it appears that whatever the vulnerability was, it was fairly trivial.

 

The loss was 1 ETH, which had a value of around $3k at the time of the exploit.

 

There does not appear to have been any indication of a reaction to the exploit. That's not surprising, given that this smart contract was deployed roughly 8 years ago.

 

It is unlikely that any investigation will be performed, given that so much time has passed, and the smart contract's primary use case was for laundering funds.

 

There is no indication that any recovery will be possible. This is an old contract, and the creator may even have forgotten about their funds at the time.

 

It's extremely unlikely that any aspect of this case remains to be resolved or will develop further.

 


Laundromat, a decentralized Ethereum mixer developed by BitBoost, aimed to provide transaction privacy by allowing users to mix ETH in sessions via smart contracts and ring signatures. Though initially well-received as an experimental privacy tool, concerns were raised about its security and effectiveness, particularly without wide adoption or expert audits, and a second smart contract was deployed by a user named poofknuckle. Years later, the new smart contract was exploited due to a vulnerability, resulting in the loss of 1 ETH stored there. The flaw was described as trivial by TenArmor. Given the contract’s age and its use for potentially illicit activities, no investigation or recovery is expected, and the matter is almost certainly permanently closed.


© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.