CertiK analyzed the April 2023 GDAC exchange compromise, assessing it as highly likely a private-key compromise that caused about $13 million in cryptocurrency losses, or 23% of GDAC's holdings. The incident likely began on Ethereum around 18:36 UTC on 8 April with a small ETH transfer before ETH and 220,000 USDT moved from GDAC-controlled wallets to attacker-controlled wallets, with the USDT swapped to ETH and deposited into Tornado Cash. Most of the stolen value was on WEMIX, where 10 million WEMIX tokens were transferred to the exploiter and then moved through multiple wallets and contracts. CertiK noted the malicious transactions resembled normal transfer functions and treated GDAC as the largest private-key compromise it had observed in 2023 at the time.