WazirX Hacker Moves $6.5 Million in ETH to Tornado Cash

Highlights:

• The hacker transferred significant ETH to the sanctioned mixer Tornado Cash to launder the funds.
• The wallet now holds $153.8k after 26 transfers to Tornado Cash.
• WazirX initiates Phase 2 withdrawals; 43% of funds lost.

According to cybersecurity firm Cyvers Alert, a wallet address linked with the hacker who stole over $235 million from Indian crypto exchange WazirX has just transferred 2,600 Ethereum ($6.5 million) to the US-sanctioned crypto mixer Tornado Cash to launder the stolen assets. Cybercriminals often use mixers to obscure the trail of stolen crypto, making it harder for law enforcement to trace and recover the funds.

🚨ALERT🚨The @WazirXIndia hacker has begun transferring stolen funds to @TornadoCash at https://t.co/bXF5gBKvxj

The incident, which was revealed by the @Cyvers_ system on July 18, 2024, resulted in a $235M loss.

So far, the attacker has moved 2,600 $ETH $6.5M to Tornado Cash!… https://t.co/egLcmhaYYb pic.twitter.com/jIlx9RND2y

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 2, 2024

As of Sept. 2, the wallet held $6.7 million. However, after 26 transfers of 100 ETH to Tornado Cash in just one hour, only $154,000 remains, according to data from the crypto tracking platform DeBank. A review of the wallet address history reveals that it now contains 61 ETH, valued at $153.8k, following the transfers.

Additionally, Arkham Intelligence data indicates that the hacker retains approximately $154.5 million in stolen funds, primarily in ETH. Other assets in the hacker’s wallet include 1.87 billion DENT ($1.47 million), 78.6 million CELR ($897.3k), and 556.6 million OOKI ($782.2k), among other cryptocurrencies.

WazirX Hack

On July 18, 2024, cryptocurrency exchange WazirX disclosed a significant cyberattack on its multi-signature wallet, leading to over $235 million in losses. The heist reportedly stole approximately 43% of customer assets and 45% of the exchange’s reserves. Withdrawals have been frozen, and trading has paused since July 21 as the team concentrates on partial recovery.

This attack is suspected to be carried out by the Lazarus Group, a notorious state-sponsored hacking organization from North Korea. The group is known for executing high-profile exploits, including a $600 million hack on the Ronin sidechain in 2022.

WazirX Opens 2nd INR Withdrawal Phase

The Indian crypto exchange has initiated Phase 2 of withdrawals, one week earlier than the originally scheduled date of September 9. “Starting today, all eligible users can now withdraw up to the full 66% limit of their INR [Indian rupee] balances,” wrote the firm in a September 3 X post. 

Phase 2 of INR withdrawals is live ahead of schedule.

We’re working tirelessly to deliver even faster results. Our objective is to be ahead of schedule for all the timelines we share. We will try our level best to make it happen.

To keep the momentum going we need your… https://t.co/oYsHCYPKLt

— Nischal (Shardeum) 🔼 (@NischalShetty) September 3, 2024

During a recent conference call with journalists, WazirX founder Nischal Shetty mentioned that customers will likely lose approximately 43% of their funds with the exchange. According to other market experts, the best-case scenario for recovery would be between 55-57%. Moreover, Shetty said these figures are as of Monday and may change over time.

He said:

“You’re not in a position to see it today because we’re in negotiation, in ideation stage. Over the next several weeks, it will be easier and clearer on each stage where we can fill the gap.”

Amid these developments, Zettai, the parent company of WazirX, is contacting 11 major crypto exchanges and trading firms to find “white knights” for emergency funding or strategic partnerships. The 11 companies involved each handle between 5.5 million and 100 million users. They handle daily transactions ranging from $5 million to $4 billion.

Zettai initiated these discussions after filing for a moratorium with the Singapore High Court last week. Moreover, the company expects to complete its restructuring process within six months. Shetty said this period is crucial for developing a recovery plan and incorporating feedback from the company’s 4.3 million creditors.