Hackers move $4 million stolen WazirX ETH to Tornado Cash


The hacker group responsible for last month’s audacious theft of over $230 million from Indian cryptocurrency exchange WazirX has begun transferring the stolen assets, using the privacy-focused crypto service Tornado Cash to obscure their tracks. On Tuesday, the attackers initiated the process by moving nearly $4 million worth of Ether (ETH) across 16 transactions on the Ethereum network.

The service, by itself, is not malicious. However, it is a favourite of hackers as it masks wallet addresses. Tornado Cash has emerged as a go-to tool for those looking to clean stolen crypto by covering the trail of illicit funds.

As per CoinDesk, the attacker’s Ethereum wallet, which holds more than $155 million in various tokens — $150 million of which is in ETH — had not previously transferred any funds to Tornado Cash before this move, signalling a new phase in the laundering of stolen assets.

The hack, which took place in July, exploited a vulnerability in one of WazirX’s multi-signature wallets, leading to the theft of a staggering $100 million worth of Shiba Inu (SHIB) tokens and $52 million in Ether, among other assets.

The breach severely impacted WazirX’s reserves, with the stolen funds representing 45% of the total holdings reported by the exchange just a month prior.

The attackers’ use of Tornado Cash poses significant challenges for investigators. While blockchain technology makes tracing transactions on a public ledger possible, mixers like Tornado Cash are specifically designed to obscure such activity.

This increases the difficulty in identifying the individuals behind the attack and recovering the stolen funds, especially as the hackers continue to move assets across multiple blockchains.

WazirX has since filed for a restructuring process as it grapples with the fallout of the attack. However, the outlook for customers hoping to recover their lost crypto remains bleak.

According to the exchange’s legal advisers, affected users are unlikely to receive full restitution in cryptocurrency. They suggested that the best-case scenario would see customers recovering between 55% and 57% of their stolen assets, leaving a significant portion of the funds lost.

Although the exchange has allowed partial INR withdrawals, the crypto balances are still locked.

Reports also emerged that WazirX is in talks with 11 crypto exchanges for capital infusion and has already signed a non-disclosure agreement (NDA) with three of them.

WazirX conducted an interactive session on YouTube to explain the ownership dispute regarding its crypto assets, with CEO Nischal Shetty addressing the situation.

Speculation around the identity of the attackers points to the infamous North Korean hacking group Lazarus.

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me