WazirX Hacker Sends $6.5M to Tornado Cash

WazirX Tornado Cash

In a new twist to one of India’s largest cryptocurrency thefts, the hacker behind the $230 million breach of WazirX has started laundering stolen funds through Tornado Cash, a cryptocurrency mixing service notorious for its role in money laundering.

On September 3, 2024, blockchain security firm PeckShield reported that the hacker transferred 2,600 ETH, valued at approximately $6.5 million, into Tornado Cash. This news complicates efforts to recover the stolen assets, raising significant concerns for both the exchange and its users.

The breach occurred on July 18, 2023, when the hacker targeted a multi-signature wallet belonging to WazirX, one of India’s leading cryptocurrency exchanges. The attack resulted in the theft of a substantial amount of digital assets, including over $100 million in Shiba Inu (SHIB) tokens and $52 million in Ether (ETH).

In total, the stolen assets represented more than 45% of the exchange’s reserves as of June 2024, marking the incident as one of the largest cryptocurrency thefts in India’s history.

The hacker’s decision to move funds through Tornado Cash marks a significant escalation in the complexity of the recovery efforts. Tornado Cash is a cryptocurrency mixing service that obscures the origin of transactions by blending multiple transfers together. The hacker executed 26 separate transactions, each transferring 100 ETH to Tornado Cash, effectively complicating the tracking of the stolen funds.

Tornado Cash has been under scrutiny by U.S. authorities and was sanctioned by the U.S. Office of Foreign Assets Control (OFAC) in 2022 for its role in facilitating money laundering activities. The service has been linked to the laundering of over $1 billion in stolen funds, particularly by the Lazarus Group, a North Korean hacking organization suspected to be behind the WazirX breach.

In response to the breach, WazirX imposed a 66% withdrawal limit on users’ Indian rupee balances, a move that sparked frustration among its user base. The exchange also sought legal protection by filing for a six-month moratorium with the High Court of Singapore, aiming to restructure its liabilities through its holding company, Zettai.

During a recent town hall meeting, Jason Karachi, managing director at Kroll, highlighted the immense challenges faced by WazirX in recovering the stolen funds. Jason Karachi stated, “It’s highly unlikely there can be a recovery in crypto terms, at 100%. The present numbers indicate a range of 52%-57% in crypto terms.

This grim outlook has left many investors disappointed, as it suggests that they may face significant losses despite ongoing recovery efforts.

On September 3, 2024, WazirX announced that it would allow users to withdraw up to 66% of their Indian rupee token balances from the platform, nearly a week earlier than initially planned. However, the remaining 34% of rupee-denominated balances are currently frozen due to ongoing investigations by law enforcement agencies, further complicating the situation for users.

The involvement of the Lazarus Group adds another layer of complexity to the case. Known for their involvement in large-scale cybercrime, the group has become notorious for laundering stolen funds through platforms like Tornado Cash. Their involvement in the WazirX breach has heightened concerns about the potential for recovery, as the group’s sophisticated laundering techniques make it difficult to trace and reclaim the stolen assets.

As WazirX continues its restructuring process, the future remains uncertain. The exchange has announced that trading will resume once creditors approve the restructuring proposal and the court gives its sanction. However, the path to recovery is fraught with challenges, particularly as the hacker continues to leverage advanced techniques to obscure the trail of the stolen funds.

The WazirX hack serves as a stark reminder of the risks associated with cryptocurrency exchanges and the importance of robust security measures. For the exchange and its users, the focus now shifts to navigating the complex legal and financial landscape in the hopes of minimizing losses and restoring confidence in the platform.

You may also like:

Related Posts

Leave a Reply