On February 9, 2026, at 8:00 AM UTC+8, the Infini attacker address transferred 9154 ETH in one go to Tornado Cash, estimated at about 19.33 million USD at that time, which was quickly captured and amplified in discussions on-chain. This stands in stark contrast to the fear and greed index of only 14 given by Alternative, indicating "extreme fear": while the price level had not completely collapsed, the sentiment was exceptionally weak. At such a moment, the large amount of stolen funds being pushed into the mixer not only pulled the Infini incident back from "historical news" into the spotlight but also raised a new question: when hackers can quietly launder tens of millions of dollars on the edge of regulatory scrutiny, how much further can the bottom line of market confidence and the boundary of regulatory lines retreat?
9154 ETH Enters: The Fog Deepens
● Scale and Valuation of Funds: According to Onchain Lens, the Infini attacker-related address initiated a large transfer of 9154 ETH to Tornado Cash on February 9, equivalent to about 19.33 million USD, which is a typical "bulk wash" rather than a scattered split. At a time when overall liquidity has not been exhausted, such a single transaction volume is sufficient to trigger high-sensitivity alerts in the on-chain analysis community, bringing the previously forgotten Infini incident back to the forefront of the timeline.
● Follow-up Actions Rather Than Starting Point: It is important to emphasize that this transfer is part of the subsequent fund disposal actions after the Infini attack, rather than part of the initial attack itself. Since current public channels cannot confirm the precise amount and timeline of Infini's initial losses, any further extension regarding "total loss scale" or "holding period" carries the risk of over-interpretation. This also means that what the public can currently confirm is simply: a large amount of ETH related to the Infini attack was concentrated and pushed into the black box of Tornado Cash on February 9.
● Why On-chain Tracking Quickly Focused: From the perspective of tools like Onchain Lens, the large, concentrated, and flowing to the mixer characteristics make this 9154 ETH very easy to "trigger a red light" on monitoring panels. The attacker address had previously been marked as an Infini exploit-related address, and once it initiated an unusually large transfer, the monitoring system would automatically focus, and analysts and media would quickly amplify the dissemination, thus completing the "on-chain event → public opinion focus" communication loop in a short time.
● Difficulty of Tracking After Mixer Involvement: Once funds enter Tornado Cash, the originally clear single source will be cut, mixed, and redistributed to multiple exit addresses, transforming the on-chain path from "visible flow" to "probability fog." This does not mean tracking is completely impossible, but it shifts the analysis from simple address association to a high-cost phase requiring models and statistical inference. For regulators, law enforcement, and project parties, each intervention by the mixer is a dividing line where accountability costs rise stepwise, also laying the groundwork for subsequent regulatory disputes.
Extreme Fear Moment: Hackers Step on Emotional Cracks
● Emotional Reading Hits Bottom: According to Alternative data, the current market fear and greed index is only 14, having fallen into the typical "extreme fear" range. Historical experience shows that when the index hovers at this level, investors' sensitivity to bad news is much higher than during normal periods; even a single project's negative event is more easily interpreted as a "precursor to collapse," further reinforcing the emotional aspect.
● Amplified Anxiety of Security and Compliance: In this fragile sentiment, the exposure of a large hacker laundering event easily triggers two layers of overlapping anxiety: first, the technical concern of "is the money safe," and second, the institutional concern of "is regulation failing." For investors already tormented by withdrawals and liquidations, seeing tens of millions of dollars in stolen funds relatively calmly traversing the on-chain world naturally raises questions about the adequacy of safety and compliance across the entire ecosystem.
● Psychological Extrapolation from Individual Cases to Systemic Risk: In a panic environment, the market tends to extrapolate individual attack events as industry-wide structural problems. A single project being breached is easily interpreted as "similar protocols have similar vulnerabilities"; a successful laundering event is imagined as "hackers can escape unscathed." This psychological extrapolation from point to surface may not necessarily hold technically, but it can translate into real monetary reductions and cautious behavior in funding actions.
● Possible Considerations for Hacker Timing: Choosing to act during a phase where liquidity has not completely dried up, but sentiment is low, and pushing 9154 ETH into the mixer can also be understood as a "concealment strategy amidst emotional noise": on one hand, there is still sufficient capacity for absorption and conversion on-chain, facilitating subsequent multi-layer circulation; on the other hand, the market and media's attention is occupied by macro fluctuations and price declines, making the subsequent fund flows of a single project more likely to be treated as "background noise," thus granting hackers a valuable window of time.
The Dual Narrative of Tornado Cash
● "Stolen Fund Outlet" in Historical Impressions: In the public discourse surrounding multiple major security incidents, Tornado Cash has long been labeled as a "common laundering channel used by hackers." Even without listing specific case details, this name itself has become highly associated with keywords like "black swan funds" and "major case backdoors" in the public's mind. This symbolic impression means that any large amount of stolen funds flowing into Tornado Cash naturally carries the narrative of "entering criminal infrastructure."
● How Technical Mechanisms Amplify Anonymity: Mechanically, Tornado Cash provides participants with a near "interchangeable" anonymous experience by breaking up and uniformly mixing multiple user-deposited assets, then allowing different addresses to withdraw at different times. On-chain, one can only see funds entering the same contract pool and then flowing out from the pool, making it difficult to directly correlate a specific deposit with a specific withdrawal. For analysts, the path shifts from "deterministic mapping" to "high uncertainty pairing," naturally increasing tracking difficulty.
● Regulatory Narrative Shift: From a regulatory perspective, Tornado Cash's role has undergone a narrative evolution from "privacy infrastructure" to "criminal infrastructure." On one hand, supporters emphasize that it provides ordinary users with legitimate tools to avoid on-chain monitoring and profiling, serving as the privacy foundation of the decentralized world; on the other hand, regulators point to the repeated influx of large stolen funds, believing it has become a key hub for evading sanctions and laundering money. This role fragmentation places Tornado Cash at the intersection of technical neutrality and social responsibility.
● Each Major Case Influx is a New Chip: The Infini attacker pushing 9154 ETH into Tornado Cash is not only a technical laundering action but also objectively adds new chips to the political debate on whether to restrict or sanction on-chain privacy tools. At the policy discussion table, every amount of stolen funds amplified by the media will be transformed into "counterexamples of regulatory inaction," reinforcing the negative labeling of privacy protocols and making future restrictions on mixers, privacy pools, and even broader on-chain tools more likely to gain public and legislative support.
Price Rebound and New Highs in the Stock Market: Risks Are Being Blunted by Prices
● Bitcoin Price Has Not "Collapsed": From a price perspective, Bitcoin recently rebounded from 60,000 USD to 70,418 USD, demonstrating through a considerable rebound path that mainstream assets have not fallen into panic selling. Whether from absolute price levels or the strength of recovery after a pullback, this performance is closer to "adjustment within high-level fluctuations" rather than the eve of a systemic collapse across assets.
● Optimistic Appearance in Global Stock Markets: Within the same time frame, the Nikkei 225 index rose over 5% in a single day, reaching a historical high, adding a layer of optimism to the sentiment of global risk assets. The traditional capital market's pricing of risk does not seem to have been significantly disturbed by individual on-chain attacks or mixing events, with funds still chasing growth and interest rate spreads, focusing more on interest rate expectations and economic recovery rather than on-chain security events.
● Price Numbness and Risk Blunting: When large amounts of hacker funds frequently circulate on-chain while mainstream asset prices and traditional stock indices remain strong or even reach new highs, a potential "price numbness" and "risk blunting" quietly form. The market chooses to use "not falling" in the short term to prove "the problem is not significant," yet overlooks that security events essentially erode trust in institutions and infrastructure, with their impact often seeping into valuation and liquidity discounts in a slower, more covert manner.
● Underestimated Long-term Hazards: This disconnect between price and risk can easily lead to hacker events being treated as "isolated noise," resulting in systematic underestimation in risk assessment, project valuation, and compliance investment. When similar events to Infini repeatedly occur in the misaligned zones of emotional lows and price rebounds, the real hazard is not a single flash crash, but rather the gradual loss of trust, causing the market to lose its capacity to withstand any bad news at critical moments.
Regulatory Focus Shift Seen Through Stablecoin Debate
● "Possible Collapse" from the Central Bank Perspective: In the eyes of traditional regulators, the primary threat at present is often not a specific DeFi protocol being breached, but rather the potential destabilization of payments and financial stability. The Governor of the South African Reserve Bank has warned that certain "stablecoin" assets "could collapse," focusing on the dependence of payment systems, reserve transparency, and the chain reaction triggered by decoupling. This concern reflects the central bank logic: whoever carries daily payments and value storage constitutes "systemic importance risk."
● Boundary Drawing Within the Industry: In contrast to the systemic risk perspective of regulators, the industry emphasizes the purity of innovation and decentralization. Views represented by Vitalik Buterin argue that "algorithmic stablecoins are the true DeFi," with the implicit premise being that only by breaking free from dependence on traditional fiat currencies and centralized reserves can one be considered a native on-chain innovation. This stance, while emphasizing technical ideals, objectively pushes some complex and fragile mechanisms to a higher risk boundary.
● Misalignment Under the Spotlight: The current focus of policy and public discourse is more on "how to regulate stablecoins" and "how large institutions can enter," directly related to macro-financial order, while seemingly "localized technical issues" like on-chain security and hacker laundering often lack sustained and in-depth follow-up. The Infini attacker laundering 9154 ETH through Tornado Cash once again proves that when regulatory attention is concentrated on a few large players and payment vehicles, hacker funds can continue to flow in the dark corners of the stage.
● Evolution in the Shadows: Under such a shift in focus, a concerning proposition is: when policy focus is occupied by "stablecoins and large institutions," mixers and the hacker ecosystem may accelerate their evolution in the shadows. Iterations of privacy pool technology, more concealed cross-chain jumps, and automated splitting and mixing strategies may mature in spaces with less intervention. Once these tools form tighter ecological connections with hacker organizations, relying solely on post-event tracking and law enforcement will become increasingly difficult to offset the systemic trust discount they bring.
After the Fog: Accountability Challenges and On-chain Order Reconstruction
● Concentrated Outbreak of Triple Contradictions: The Infini attacker’s transfer of 9154 ETH through Tornado Cash brings the sharpest triple contradictions in the current crypto world to the public's attention: how to delineate the boundary between privacy and compliance, how to balance security and innovation, and how to reconstruct the power distribution between regulation and decentralization. Any extreme one-dimensional answer is unlikely to truly resolve the issues and will only compress the contradictions to rebound in other dimensions.
● Pressure for Design Advancement: With the advancement of on-chain tracking tools and the accumulation of compliance pressure, more and more projects are forced to consider auditability, permission management, and risk isolation at the design stage, rather than patching and disclaiming after the fact to "close the barn door after the horse has bolted." This means that from contract architecture to asset flow paths, certain space must be reserved for compliance, risk control, and law enforcement cooperation; otherwise, once an Infini-style attack occurs, project parties, users, and regulators will all be pushed into a labyrinth of accountability.
● Direction of the New Round of Game: It is foreseeable that the next focus of regulatory games may revolve around several directions: restrictions on privacy tools, monitoring of cross-chain fund flows, and cracking down on hacker monetization paths: whether to impose more compliance thresholds on mixers and privacy pools, whether to upgrade KYC and monitoring requirements for cross-chain bridges and routes, and how to cut off standardized exit channels for large amounts of stolen funds without completely stifling technical neutrality.
● Limited Information and Rational Observation: Currently, the public information regarding the Infini incident remains limited, especially concerning the initial loss scale, precise timeline, and official responses, with many gaps still existing. For investors and industry participants, a more prudent attitude is to focus on the subsequent on-chain developments and the official statements from Infini, avoiding unverified inferences about loss scale, hacker holding periods, or specific responsible parties based on fragmented information. Until the fog has cleared, maintaining information sensitivity and judgment restraint is also a necessary form of self-protection.
Join our community to discuss and become stronger together!
Official Telegram community: https://t.me/aicoincn
AiCoin Chinese Twitter: https://x.com/AiCoinzh
OKX Welfare Group: https://aicoin.com/link/chat?cid=l61eM4owQ
Binance Welfare Group: https://aicoin.com/link/chat?cid=ynr7d1P6Z
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
