WazirX hacker moves fresh $12 million in Ethereum

WazirX Hacker moves fresh batch of $12 million in Ethereum via Tornado Cash

2024-09-20 by Ndaman Olayinka

The group behind the July hack on the Indian cryptocurrency exchange WazirX moved $12 million in stolen ether (5,000 ETH) early Thursday, the latest batch of transfers to the mixing service Tornado Cash.

The hacker has been using the cryptocurrency mixer Tornado Cash to move the stolen funds, which has made them challenging for the WazirX team to track.

The attacker reportedly began moving the stolen funds on September 2, sending 2,500 ether, or about $6.5 million at the time, in 100 ether ($243,000) chunks to the U.S.-sanctioned crypto mixer Tornado Cash, according to the onchain analytics platform Arkham.

In addition, blockchain security company Cyvers detected the hacker's recent transaction and released information about it, which showed the exploiter transferring Ethereum assets to a different wallet.

Cyvers disclosed the specifics of the transaction on its X account, including the amount of Ethereum that the hacker moved and the new wallet address to which it was moved.

With the latest transfer on Thursday morning, the eighth 5,000 ether transfer thus far and the third this week, the hacker has now transferred over 42,500 ether ($100 million) to Tornado Cash. According to Arkham, the hacker still has 18,800 ether, which is currently valued at $45.8 million, and about $5.7 million in various other cryptocurrencies.

WazirX exploited for over $230 million 

Over $230 million worth of cryptocurrency assets were transferred without authorization on July 18 as a result of a wallet exploit at WazirX. 

According to security firm Blocksec, the attacker drained the funds from the exchange's multisig wallet on the Ethereum network, possibly as a result of a compromised private key. To execute the attack, the hacker had to upgrade this Safe Wallet's implementation to a malicious contract. The stolen funds were moved to an address that immediately began selling the assets into ether.

While it continued to address the fallout from the exploit, the cryptocurrency exchange stopped accepting withdrawals that same day but did not stop trading across its platform until a few days later.

WazirX's team first put the blame for the exploit on its security partner Liminal Custody; however, an independent audit conducted by Grant Thornton showed that Liminal Custody was not responsible for the exploit.

The exchange stated in a June 2024 report that the stolen funds made up more than 45% of all reserves. In order to pay off its debts, the exchange has since applied for a restructuring procedure.

Who is behind the $230 million exploit on the Indian cryptocurrency exchange WazirX?

In a July report, blockchain analytics company Elliptic stated that onchain data suggested the attack on the Indian cryptocurrency exchange WazirX was carried out by the North Korean Lazarus Group, a well-known state-sponsored hacker group that has a history of carrying out high-profile exploits, such as a 2022 hack on the Ronin sidechain that cost $600 million. 

"This hack was carried out by hackers associated with North Korea, according to on-chain analysis and additional information that Elliptic reviewed," the company explained via a blog post on its official website.

Elliptic further said, "We've made sure that our clients will be notified if they receive any of these funds by adding the address linked to the thief to our system." 

The WazirX team is currently facing a great deal of criticism from the community after an X handle that advocates for the victims of the WazirX hacker published a report claiming that the $230 million hack may have been the result of an inside job.
