
$12 million WazirX heist ETH moved through Tornado Cash


A North Korean-linked hacking group behind the WazirX heist has moved $12 million worth of stolen Ethereum (ETH). This recent transfer, executed early Monday, continues a string of efforts by the hackers to obscure their illicit activity using a mixing service, Tornado Cash.

Blockchain analytics firm Arkham first flagged the movement of over 5,000 ETH, originating from a July 2024 attack on the Indian crypto exchange WazirX. The transfer, initiated at 07:19 UTC, directed the funds to a new address before dispersing $1.2 million worth of tokens over five separate transactions to Tornado Cash.

This is not the first transfer the hackers have made in recent weeks. Last week, the group moved $4 million in stolen funds, and according to reports, their main wallet still holds an estimated $119 million in assets, with a significant portion being Ethereum, totalling $113 million.

The initial breach in July involved a compromise of WazirX’s multi-signature wallet, allowing the hackers to steal $230 million in cryptocurrencies.

WazirX hackers’ wallet address. | Source: Arkham

The security breach significantly impacted the platform’s total reserves, with the stolen assets comprising over 45% of WazirX’s holdings.

The scale of the heist forced WazirX to enter a restructuring process to address liabilities and rebuild trust within the crypto community.

Tornado Cash is popular among gangs that steal cryptocurrency. While the platform is legal, its ability to conceal the identities of those behind crypto transactions makes it a common tool for criminals attempting to launder stolen digital assets.

Last week, WazirX organised a town hall to address users’ queries. Here, crypto users were surprised to learn that WazirX’s crypto deposits and associated activities have no owners, and users are still in limbo about the blocked cryptocurrencies.

WazirX is also in talks with 11 crypto exchanges for capital infusion and has already signed a non-disclosure agreement (NDA) with three of them.


Kumar Hemant


Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
