Tracing the Hack. .. Investigation
ZachXBT began his investigation by identifying the exploiter's address, 0x6eedf92fb92dd68a270c3205e96dccc527728066, and tracking its activities.
On July 10th, the address showed transactions involving SHIB tokens, marking the start of a detailed cyber operation. These transactions, funded by multiple 0.1 ETH withdrawals from Tornado Cash, were used to create confusion about the origins and intentions.
Further analysis traced funds through addresses like 0xc68 and 0xc891, which received funds from Tornado Cash and interacted with other cryptocurrency exchanges to complicate the trail.
The operation also involved Bitcoin transactions from an unknown service, making it difficult to identify the ultimate beneficiaries.
Implications and Security Concerns:
ZachXBT's analysis of the WazirX hack revealed similarities to operations by the Lazarus Group, a notorious cybercrime organization. The use of privacy-centric services like Tornado Cash to create a web of transactions mirrors the tactics of the Lazarus Group, highlighting the evolving strategies of cybercriminals exploiting vulnerabilities in the crypto space.
