A hot wallet, seemingly connected to the crypto exchange Binance’s deployer address, was hacked over the weekend, with the attacker making off with millions of dollars worth of the USDT stablecoin.

According to transactions picked up by pseudonymous blockchain sleuth ZachXBT, the victim’s hot wallet was compromised at around 4:36 pm on Nov. 11. The hacker stole $27 million worth of USDT and then quickly swapped the stablecoins for Ether (ETH).

The hacker then transferred the stolen funds to platforms like FixedFloat and ChangeNow, before bridging the funds back to Bitcoin through THORChain. 

ZachXBT found that the victim’s address appears to be connected to the Binance deployer address based on transaction activity dating back to May 2019.

“They will probably deposit the funds to a mixer or send to a sketchy service next. To take large sums off chain OTCs are common (will be later on after funds have been laundered),” noted ZachXBT.

Last week, the Poloniex exchange’s hot wallet was hacked for an estimated $125 million, according to data shared by blockchain security firm Peckshield, and later confirmed by Poloniex investor Justin Sun in a tweet. 

Blockchain data shows that the hacker’s Ethereum wallet sent the stolen funds through 357 separate transactions. The hacker also bought around $20 million worth of Tron’s native token TRX, which pushed its price up by more than 20% on the day.

“We are offering a 5% white hat bounty to the Poloniex hacker. Please return the funds to the following ETH/TRX/BTC wallets. We will give you 7 days to consider this offer before we engage law enforcement,” wrote Sun in a follow up tweet.