Search This Blog

Powered by Blogger.

Blog Archive

Labels

WazirX Hacker Starts Moving Stolen Ether Anonymously Using Tornado Cash

WazirX hacker launders stolen Ether via Tornado Cash amid exchange's financial restructuring and INR withdrawals.

 


As a result of an attack by an unknown entity, some of the $234 million allegedly stolen from the WazirX exchange in one of India's worst crypto hacks has already been laundered. This action occurred on the same day the platform released its recapture plan. It was discovered that the perpetrator on Monday moved 2,500 Ether tokens worth about $6.3 million to Tornado Cash - a service that even blurs the origin of crypto assets - after attending the briefing session led by WazirX cofounder Nischal Shetty, who is based in Dubai.

In August, WazirX was hacked by an unknown group of hackers, who have remained unidentified since the heist took place in July and are reportedly moving the funds that have been stolen around. A recent piece of data collected by Arkham Research suggests that the hacker is using a controversial platform called Tornado Cash to commit his crimes. 

A hacker who stole more than $230 million (roughly Rs. 1,900 crore) appears to have moved some $54.5 crore of Ether tokens worth of the stolen cryptocurrency $230 million into Tornado Cash, a cryptocurrency platform that is now sanctioned by the United States government. Using Tornado Cash, users can deposit their crypto tokens into a pool that contains various crypto tokens and then have their funds transferred to the destination wallet in the form of other cryptocurrencies after depositing their funds. 

Over the past few years, Tornado Cash has become one of the most popular tools used by cybercriminals who want to let no evidence of their illicit activities trail them when transferring funds they have gained through illicit means. As the data by Arkham shows, the hacker was able to facilitate 26 transactions through the use of his credentials to transfer the aforementioned amount to a Tornado Cash address. 

Furthermore, Etherscan data showed that the hacker moved the funds through various Bitcoin transactions, each carried out with 100 Ethereum units. It has been reported that social media users have been able to capture pictures of these details. Data tracked by Arkham shows that the attacker moved nearly $4 million worth of ether [ETH] in 16 transactions through a Tornado Cash router, some of which were obtained through the Ethereum network. 

This address is currently holding over $155 million worth of various tokens, with a majority of the funds being ether, which at $150 million has accumulated over the past few months. On the other hand, WazirX recently revealed that, almost one week before the withdrawal window was supposed to open, users had begun to be able to withdraw up to 66% of their Indian rupee token balances from the exchange.  

As a result of the theft of funds, over 45% of the total reserves cited by the exchange in a June 2024 report have gone missing - and the exchange has since filed for a restructuring process to move forward on clearing its liabilities to recover the money. In a statement on Monday, WazirX's legal advisers stated that it is unlikely that the company will be able to make good on its obligations in crypto terms going forward, with the best-case scenario being a refund of anywhere between 55% and 57%. 

This attack is believed to have been conducted by Lazarus, a North Korean hacking unit, as previously reported by Reuters. It has been estimated that the group laundered over $1 billion in stolen funds through this service before OFAC sanctions were imposed in 2022, according to estimates put forward by the group. Nischal Shetty, father of WazirX and co-founder of the company, confirmed that the hacker hasn't been identified yet. 

The Lazarus Group, a notorious hacking group that has been associated with North Korea for quite a while, has previously been alleged to have been involved in this hack. Last week, WazirX initiated its first steps toward financial restructuring in the aftermath of the recent hacking incident. As part of this effort, the cryptocurrency exchange has filed for a moratorium in a Singapore court. 

This legal action grants WazirX a reprieve, allowing it additional time to thoroughly assess its financial liabilities and reorganize its capital structure. The entire restructuring process is expected to take up to six months before it is fully completed. In the interim, WazirX has reopened withdrawals for Indian Rupees (INR) on its platform. 

The exchange is actively encouraging its users to withdraw 66 percent of their unfrozen INR balances, which have been made available for withdrawal at this stage. This measure is aimed at ensuring greater user security and providing liquidity during the ongoing restructuring phase.
Share it:

Crypto Hacks

Cyber Attacks

CyberCrime

Cyberhacekrs

Cybersecurity

Tornado Cash

WazirX