In a shocking incident that marks India's largest crypto theft to date, nearly ₹2,000 crore (approximately $230 million) worth of cryptocurrencies were stolen from a wallet associated with the WazirX exchange last month. This massive theft has resulted in significant financial losses for thousands of people.
WazirX quickly reported the theft to the central cybercrime portal, the Financial Intelligence Unit, and the Indian Computer Emergency Response Team.
Additionally, a police case was filed in Delhi to address the situation.
Two digital forensics firms, Pelorus Technology and Crystal Intelligence, provided insights into how such a large-scale theft could occur despite the wallets being secured with multi-level authentication.
Crystal Intelligence, a blockchain intelligence firm, employs a security tool that monitors crypto transactions in real-time, helping trace the stolen funds.
After WazirX shared the identity of the compromised wallet, cyber investigators worldwide used the Crystal tool to track the money trail.
The investigation revealed that the theft had been planned since July 10, with around 200 transactions originating from the recipient's wallets on July 18.
On the day of the robbery, the stolen cryptocurrencies were quickly converted into other forms of cryptocurrency and transferred in smaller amounts to multiple wallets linked to two different exchanges. Over just a few days, around 2,000 transactions were made. Between July 18 and 22, about 95% of the stolen funds were consolidated into three wallets that currently appear unlinked to any exchange.
"When we started investigating, we saw a parallel story. First, the wallet was compromised and from there, the thief transferred 230 million dollars to his wallet. This was in different cryptocurrencies. At the same time, when we saw its back trail, a transaction was seen funding that wallet from Tornado Cash for a few days. The dates show he (thief) had been preparing from July 10," Sanjeev Shahi, Country Manager, Crystal Intelligence reported.
Experts believe that the thief used a Tornado Cash wallet to pay the transaction fees required for crypto transfers, which helped them conceal their identity. Tornado Cash operates like a hawala, facilitating anonymous transfers and making it difficult to trace the stolen funds.
Further, Shahi added that the malicious group can not use stolen funds. "Today, even though the funds are on the blockchain, he cannot use them. To use them, he has to come to the real world and convert it into fiat. As soon as he comes to the real world, his identity will be revealed."
