Less than two weeks into the new year, malicious entities have already started doing what they do best.

According to the latest update by the blockchain security company CertiK, two recently created contracts – CirculateBUSD and CirculateWBNB – have been pumped away by the creators.

• The funds have been bridged to Ethereum and deposited into the OFAC-sanctioned coin mixer, Tornado Cash.
• By doing so, the creators of the two contracts managed to pull off what looks like an exit scam by draining $2.5 million. CertiK explained,

“This incident is made possible due to a backdoor in the `Start Trading` function. Function calls a malicious unverified contract SwapHelper(0x112f8) with signature 0x6343756. CirculateBUSD deployer is set into SwapHelper who receives the funds.”

• In a recent report, CertiK noted observing a large number of incidents last year despite the crypto bear market and added that there will be no respite in exploits, flash loans, or exit scams this year as well.
• In fact, the illicit transaction volume of crypto-assets hit a record level of $20 billion, according to Chainalysis ‘Crypto Crime Report.’
• The firm also found that transactions related to sanctioned entities amplified by over 100,000-fold in 2022, accounting for 44% of the previous year’s illicit activity.
• Chainalysis recently pointed out that pulling the plug on a decentralized protocol such as Tornado Cash isn’t very easy, which explains why the coin mixer’s activity hasn’t completely stopped post-OFAC sanctions.