Goldfinch Finance User deltatiger.eth Loses $330K as Funds Route Through Tornado Cash

Another day, another crypto wallet gets emptied—this time to the tune of $330,000. The victim? An Ethereum address linked to Goldfinch Finance, operating under the alias deltatiger.eth.

How the Money Vanished

The trail leads straight to Tornado Cash, the infamous privacy mixer. Funds didn't just disappear; they were systematically routed through the protocol, effectively scrambling their digital fingerprints. It's the classic crypto heist playbook: steal, then obscure.

The Aftermath and the Irony

Goldfinch Finance, a platform built on the promise of decentralized credit, now has a user facing a very centralized-feeling loss. The incident highlights the persistent vulnerability of digital asset wallets, regardless of the sophistication of the underlying protocol. Security remains the industry's Achilles' heel—a costly lesson that keeps getting repeated, often by those who should know better. Sometimes, the most 'decentralized' thing in crypto is the distribution of blame after a hack.

While the total sum might be a rounding error for some hedge funds, for an individual user, $330K is a devastating blow. It's a stark reminder that in the high-stakes world of decentralized finance, your keys aren't just your coins—they're your only line of defense. And when that fails, the money doesn't just sit in a vault; it gets laundered through a digital tornado, leaving little but a cold transaction hash and a hard lesson behind. Just another reminder that in crypto, you're not just betting on technology; you're betting against the ingenuity of thieves.

Goldfinch Finance’s decentralized lending method faulted

Goldfinch Finance is a decentralized finance (DeFi) protocol supported by major players in the crypto industry, including a16z Crypto and Coinbase Ventures. 

Much different from most crypto lending platforms, Goldfinch does not require borrowers to provide collateral. Instead, they can submit loan proposals for review by backers and auditors, which is then issued if proposals secure sufficient support. Liquidity providers, backers, and auditors earn interest as a reward, while borrowers access capital without posting collateral. 

The protocol went live on ethereum in February 2021, issuing $1 million worth of loans initially. Version 1.1 launched a month later in March 2021, and Goldfinch raised $11 million in funding from Andreessen Horowitz months later. In October 2021, the platform partnered with Nexus Mutual, allowing Liquidity Providers and Backers to purchase smart contract insurance. 

According to Coingecko’s token terminal, Goldfinch protocol has a fully diluted market capitalization of $30.5 million, token trading volume of $12.4 million in the last 30 days, and active loans totaling $91.3 million.

In 2023, an East African motorbike finance company named Tugende Kenya defaulted on a $5 million crypto loan after allegedly providing an unauthorized loan to its Uganda-based parent company, which violated loan terms.

Warbler Labs, Goldfinch’s parent company, discovered Tugende Kenya had diverted almost $2 million to its parent firm. The breach was unveiled in December that year, but company records show it was reported on Goldfinch’s governance forum in February 2024.

Another default came in 2024 involving Singapore-based private credit firm Lend East, which said it could repay only about $4.25 million of a $10.15 million loan from the Goldfinch pool. The amount was 58% less than the repayment value and accounted for 7.7% of Goldfinch’s total active loans. 

The Lend East pool had a 25-month term, maturing on April 3, 2024, offering 17% USDC APY or 28% variable GFI APY. Discord community members alleged that $750,000 borrowed from Goldfinch was used to repay other borrowers, breaching the original loan agreement.

December welcomes DeFi protocols to losses from hacks

Goldfinch’s hack comes barely 24 hours after Yearn Finance’s yETH was hit by an unlimited minting breach, draining the entire yETH pool in a single transaction. According to Cryptopolitan’s report, attackers generated nearly infinite yETH tokens, extracting approximately 1,000 ETH, worth $3 million, which was then routed through Tornado Cash.

yETH is an index token based on several liquid-staked versions of ETH, known as Ethereum Liquid Staking Derivatives (LSTs). The exploit was flagged by X user Togbe, who noted “heavy transactions” on LSTs including Yearn, Rocket Pool, Origin, and Dinero.

Yearn Finance confirmed the incident through its official X account but assured users that V2 and V3 Vaults were secure. This is the second attack since 2021, when Yearn’s yDAI vault breach led to a $2.8 million loss, and a faulty script in December 2023 that wiped out 63% of a treasury position.

Blockchain security firm CertiK reported on Sunday that the crypto industry suffered estimated losses of $127 million from hacks and exploits in November. The company’s monthly threat report noted that actual affected funds exceeded $172 million, though approximately $45 million was later recovered.

Claim your free seat in an exclusive crypto trading community - limited to 1,000 members.