$1,800,000 in CBBTC withdrawn from Hyperliquid – the largest bridge out in 48 hours by a fresh wallet with zero history.
Address 0x9f2E...d81B pulled 18 cBBTC (~$1.8M) from Hyperliquid’s bridge contract 14 hours ago and immediately routed it through a sequence of three intermediary addresses before the trail went cold in a Coinbase deposit wallet.
The withdrawal wallet was funded with exactly 0.02 ETH for gas from a Tornado Cash relayer just 37 minutes before the bridge call. That’s a textbook operational security pattern: fresh wallet, mixer-funded gas, single-purpose transaction, instant obfuscation chain.
This isn't a whale rebalancing. Genuine large withdrawals typically come from aged wallets with prior Hyperliquid interaction history and use direct paths to known custodians. Behavioral flags here: (1) wallet age <1 hour at time of bridge, (2) sole funding source = sanctioned mixer, (3) 3-hop transfer chain within 4 minutes post-withdrawal, (4) final destination is an exchange hot wallet rather than cold storage.
Historical match: this mirrors the routing pattern used in the May 2024 Pike Finance exploit where bridged assets were laundered through Coinbase deposit addresses in under 10 minutes.