TLDR:

  • WazirX hacker moved $6.5 million worth of ETH to Tornado Cash

  • The hack in July 2023 resulted in a $230 million loss for WazirX

  • WazirX is undergoing restructuring and allowing partial withdrawals

  • Customers are expected to recover only 55%-57% of their funds

  • North Korean hacking unit Lazarus is suspected to be behind the attack

On September 3, 2024, the hacker responsible for the $230 million WazirX breach in July began moving stolen funds through Tornado Cash, a cryptocurrency mixing service.

According to blockchain security firm PeckShield, the attacker transferred 2,600 ETH, valued at approximately $6.5 million, to the sanctioned platform.

#PeckShieldAlert #WazirX Exploiter-labeled address has transferred 2600.1 $ETH (worth ~$6.5M) to #Tornadocash within the last 9 hours.
On July 18, India's #CEX WazirX suffered a major security breach, resulting in the theft of over $230 million in cryptos.

— PeckShieldAlert (@PeckShieldAlert) September 3, 2024

Arkham Intelligence reported that the hacker carried out 26 transactions, each moving 100 ETH to Tornado Cash.

These transfers started just hours after WazirX’s first town hall meeting to discuss its moratorium application. The use of Tornado Cash, a service known for obscuring transaction trails, raises concerns about the potential recovery of the stolen assets.

The July 18 security breach targeted one of WazirX’s multi-signature wallets, resulting in one of the largest cryptocurrency thefts in India’s history.

The stolen funds included over $100 million in Shiba Inu (SHIB) tokens and $52 million in Ether (ETH), among other assets. This amount represented more than 45% of the total reserves reported by the exchange in June 2024.

In response to the hack, WazirX implemented a 66% limit on users’ Indian rupee withdrawals. The exchange has also taken legal steps by filing an affidavit with the High Court of Singapore, requesting a six-month moratorium to allow its holding company, Zettai, to restructure its liabilities.

During a recent town hall meeting, Jason Karachi, managing director at Kroll, stated, “It’s highly unlikely there can be a recovery in crypto terms, at 100%. The present numbers indicate a range of 52%-57% in crypto terms.” This announcement disappointed investors, who claimed the event failed to provide new information beyond what had been previously disclosed.

WazirX announced on September 3 that it had begun allowing users to withdraw up to 66% of their Indian rupee token balances from the exchange, nearly a week earlier than initially scheduled. The exchange moved the withdrawal window forward to provide users with quicker access to their funds.

However, WazirX noted that 34% of rupee-denominated balances remain “frozen” due to ongoing investigations with various law enforcement agencies. The exchange also suggested that there were still legal issues surrounding cryptocurrency withdrawals.

The attack on WazirX is believed to be the work of Lazarus, a North Korean hacking unit. This group is estimated to have laundered over $1 billion in stolen funds through Tornado Cash before the service faced sanctions from the U.S. Office of Foreign Assets Control (OFAC) in 2022.

Trading on the WazirX platform is expected to resume once creditors approve the restructuring proposal and the court sanctions it.

The post WazirX Hacker Transfers $6.5 Million in Stolen Funds to Tornado Cash appeared first on Blockonomi.