Following the $235 million exploit of the cryptocurrency exchange WazirX, the hacker behind the breach has converted nearly $150 million worth of the stolen altcoins into Ethereum (ETH). 

Between July 18-19, the hacker converted substantial amounts of various altcoins to ETH. According to blockchain analytics firm Spot On Chain, the conversion included $90.2 million worth of Shiba Inu (SHIB), $10.2 million in Polygon (MATIC), and nearly $7.5 million in Pepe (PEPE). These transfers have escalated the total stolen funds held in Ethereum to $201 million, up from the initial $52 million.

Reasons Behind the Conversion

The hacker’s decision to convert ERC-20 tokens to Ethereum is rooted in several factors. ETH is known for its liquidity and lack of a blacklisting feature, making it a safer asset for illicit transactions. Spot On Chain highlighted that some ERC-20 tokens have contract functions that allow addresses to be blacklisted, a feature absent in ETH.

"Swapping to Ether quickly can help the hacker secure their funds before any preventative measures are taken by authorities or the issuers of centralized tokens," commented blockchain security firm PeckShield. A prime example of this preventative measure is stablecoin issuer Tether, which has blacklisted numerous wallets involved in suspicious transactions.

Ethereum's liquidity and stability make it a preferred choice for laundering funds through cryptocurrency exchanges and mixer protocols. Blockchain security firm Beosin noted that ETH's price stability and ease of movement across various platforms make it an attractive option for those looking to obfuscate the origin of stolen funds.

The hack has had a noticeable impact on the market. SHIB has seen a nearly 7% drop since the incident, while ETH's price has only marginally decreased by 0.1%. The hacker still holds approximately $12 million worth of Chromia (CHR), Celer Network (CELR), Frontier (FRONT), and Ooki (OOKI) tokens, according to Spot On Chain.

WazirX's Response

Following the breach, WazirX halted withdrawals on July 18. The security breach wiped out nearly half of the exchange’s reserves, as per their June proof-of-reserves report. In a statement on X, WazirX declared, "This is a force majeure event beyond our control, but we are leaving no stone unturned to locate and recover the funds. We have already blocked a few deposits and reached out to concerned wallets for recovery."

Blockchain forensics firm Elliptic has indicated that specific patterns and techniques used in the WazirX attack suggest the involvement of North Korean hackers. If confirmed, this would add to the growing list of high-profile crypto heists attributed to North Korea.