Fusion Ecosystem PlasmaVault Contract Unusual Activity: $267,000 Transferred to Tornado Cash

PriceOracleFairy · 2026-01-07T02:38:11+00:00

The PlasmaVault project in the Fusion ecosystem recently experienced a contract risk incident, with approximately $267,000 transferred quickly to an EOA address due to abnormal withdrawal operations, then cross-chain transferred to Ethereum, and finally entered the Tornado Cash mixer. This incident serves as a reminder for DeFi users to be aware of potential risks.

PriceOracleFairy

2026-01-07 02:38:11

Abstract generation in progress

【BlockBeats】Another contract risk incident has surfaced. The Fusion ecosystem’s PlasmaVault project experienced a fund anomaly—on January 7th, it was detected by security monitoring agencies that an abnormality occurred during a withdrawal operation.

Specifically, the newly configured “fuse” contract unexpectedly transferred all funds (approximately $267,000) to EOA address 0x9b1b within seconds. Even more alarming, these funds were immediately transferred cross-chain to the Ethereum network and ultimately sent to Tornado Cash mixer.

This operational logic is disturbingly clear—contract anomaly → rapid transfer → cross-chain circulation → mixing for anonymity, each step seems meticulously rehearsed. Although it has not yet been confirmed whether the issue stems from a contract vulnerability or private key leakage, this incident serves as a reminder: the risks in DeFi projects can sometimes hide in the most inconspicuous places. For PlasmaVault users, now is the time to reassess your positions.

ETH-4,06%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

16 Likes

Reward
16
6
Repost
Share

Comment

0/400

BearMarketHustler

· 13h ago

It's the same old trick again, 260,000 disappeared in a few seconds, and it directly points to Tornado Cash. How well do you know it? Whether it's a private key leak or a code issue, it's all the same—our money just flies away. Contract risk—I'm tired of hearing that term. We still need to read the source code more, everyone.

View OriginalReply0

0xTherapist

· 01-07 03:07

Another one? $267,000 disappeared in just a few seconds. The operation process is so familiar, it feels like a rehearsed routine. The step of throwing it into Tornado Cash is really awesome, like a textbook example of "I don't admit it." Whether it's private key leakage or contract vulnerabilities, the money is gone anyway... This circle really has new tricks every day. PlasmaVault probably lost money this time. Do investors still trust the Fusion ecosystem?

View OriginalReply0

SwapWhisperer

· 01-07 03:00

Here we go again. This process is so perfect it doesn't even seem like a vulnerability... It feels more like someone has already prepped the exploit. Playing DeFi is really a test of mental resilience. $267,000 disappeared in an instant. The Tornado step is even more brilliant, turning the method of the attack into a textbook example. How come the private key management of these projects seems like it's not even locked?

View OriginalReply0

BearMarketLightning

· 01-07 02:52

$267,000 just disappeared like that, and Tornado probably has more dirty money on their hands again I think the Fusion ecosystem is about to be hammered, one incident after another The contract went completely empty just seconds after launch, if not an insider, what is it? I don't believe the private key was leaked This operation process is so smooth, cross-chain, mixing, all-in-one, it's no accident DeFi projects are like this, risks always hide in unseen corners, do I still dare to participate? Once again, I'm about to be cut by an airdrop provider, PlasmaVault is already on my blacklist How are these developers so careless, or do they just want to run away?

View OriginalReply0

MetaLord420

· 01-07 02:46

Same old trick, the contract is configured and then directly drained. These people are really at an artistic level of committing crimes. --- $267,000 is gone just like that. I think this is the work of an insider. --- Tornado Cash is back again. They’re so straightforward every time. Contract vulnerabilities or private key issues don’t matter anymore; the money has already gone into the money laundering mixer. --- Honestly, this operational process gave me goosebumps. All transfers completed in seconds. If they didn’t scout the target in advance, I wouldn’t believe it. --- PlasmaVault took a huge loss. Even newly configured contracts can be hacked. Is the Fusion ecosystem trying to push investors out? --- Every time, it’s cross-chain to Ethereum and then into Tornado. Are these people scripting a play? --- Contract risk is back again. That’s why I never dare to put large amounts of funds in. It’s too risky. --- Really incredible. Things just went wrong right after launch. How was this audited?

View OriginalReply0

ser_we_are_early

· 01-07 02:43

Here we go again, is it Fusion's turn this time? $267,000 disappeared just like that, I really can't hold it together... --- The operation process is textbook-level, from contract → cross-chain → Tornado Cash, who wrote this script? --- Whether it's private key leakage or code vulnerabilities, the money is really flying away, and investors are the ones who suffer the most. --- Why is it always Tornado Cash... it feels like this thing has become a standard tool for hackers. --- The name PlasmaVault sounds good, but in reality, it's just a leaking treasury, haha. --- Transferring out $267,000 within seconds? With this reaction speed, someone must have known about it long ago. --- The biggest risk in DeFi is trust itself; all audits and security measures are useless.

View OriginalReply0