The hacker responsible for the $230 million breach at Indian crypto exchange WazirX moved stolen ether through Tornado Cash on September 2. This development marks a significant step in the attempt to obscure the transaction trail of the stolen funds.
The attack on WazirX occurred in July when the hacker exploited a vulnerability in one of the exchange’s multisig wallets. This breach resulted in the loss of over $230 million in various cryptocurrencies, including more than $100 million in Shiba Inu (SHIB) and $52 million in ether. The stolen funds represented over 45% of WazirX’s total reserves, as reported in June 2024.
On Tuesday, the hacker transferred over $6.5 million worth of ether to Tornado Cash, a mixing service that masks wallet addresses on blockchain networks. According to data tracked by Arkham, the hacker moved the funds in 26 separate transactions. The hacker’s address, which holds over $155 million in various tokens, had not previously transferred funds to Tornado Cash.
WazirX Faces Restructuring Challenges After Massive Theft
WazirX is currently undergoing a restructuring process to address the financial damage caused by the hack. The exchange has filed for restructuring in Singapore as it works to clear its liabilities and ensure some recovery for its customers. However, legal advisers for WazirX have stated that customers are unlikely to recover their total funds. The best-case scenario, they suggested, is a return of between 55% and 57% of the total assets.
WazirX Nears Completion of Trade Reversals After CyberattackNorth Korean hackers, known as the Lazarus Group, are suspected of attacking WazirX. This group has previously targeted cryptocurrency platforms. They allegedly laundered over $1 billion in stolen funds. This laundering occurred through Tornado Cash. The U.S. Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash in 2022.
This latest development underscores cryptocurrency exchanges’ ongoing challenges in securing their platforms against sophisticated cyberattacks. The use of services like Tornado Cash further complicates efforts to track and recover stolen funds, highlighting the need for enhanced security measures and regulatory oversight in the crypto industry.