WazirX Hacker ETH Transfer Launders $11 Million of Stolen Ethereum Through Tornado Cash
Following the July 2024 cyberattack on Indian crypto exchange WazirX, over $11 million worth of stolen Ether (ETH) was transferred to Tornado Cash by the North Korean hackers behind the breach. The WazirX Hacker ETH transfer, which occurred early Monday, involved more than 5,000 ETH, highlighting the ongoing challenges of tracing illicit crypto transactions.
According to wallet data tracked by blockchain analytics firm Arkham, the hacker moved the stolen ETH to a new address at 07:19 UTC before sending $1.2 million worth of tokens through five separate transactions to Tornado Cash, a mixing service designed to obfuscate the origin of funds. While Tornado Cash has legitimate uses, it has gained notoriety as a tool frequently employed by crypto criminals to launder stolen assets.
A Trail Gone Cold
The WazirX Hacker ETH transfer is the latest move in a series of efforts by the North Korean entity to hide their tracks. Earlier last week, the same hackers transferred $4 million in ETH from the stolen cache, marking a pattern of incremental transfers aimed at making the funds harder to trace.
Blockchain investigators revealed that the hacker’s primary wallet still holds over $107 million worth of various tokens, with the bulk, $100 million, in Ether. These incremental transfers suggest a calculated attempt to gradually obscure the stolen funds using Tornado Cash without drawing too much attention at once.
The North Korean cyber group responsible for the WazirX Hacker ETH transfer has been linked to other high-profile crypto heists in recent years. Cybersecurity experts warn that these attacks are often coordinated with state-backed efforts to circumvent global sanctions, fund rogue operations, or support regime activities.
The WazirX Breach
WazirX, one of India’s largest cryptocurrency exchanges, suffered a massive security breach in July, which saw the loss of more than $100 million in Shiba Inu (SHIB), $52 million in ETH, and other digital assets. The stolen funds represented nearly 45% of the exchange’s total reserves, according to a June 2024 report.
The breach targeted a multisignature (multisig) wallet, an advanced security feature that requires multiple signatures from different users to authorize transactions. However, even this robust setup was not enough to prevent the WazirX Hacker ETH transfer, signaling how sophisticated the attackers were.
In response to the breach, WazirX has since filed for a restructuring process aimed at clearing its liabilities. The exchange’s management has been working to mitigate the impact of the attack on its operations and users, but the significant loss of reserves has raised questions about the long-term viability of the platform.
Speaking on the situation, Nischal Shetty, founder of WazirX, stated, “The July attack on WazirX was a devastating blow, not just to the platform, but to our users and the broader crypto community. We are working tirelessly to recover and ensure that such an event never happens again.”
Tornado Cash
The use of Tornado Cash in the WazirX Hacker ETH transfer has reignited the debate over the role of mixing services in the cryptocurrency ecosystem. Tornado Cash allows users to mix crypto assets to obscure the origin of funds, providing privacy for legitimate users but also a tool for criminals to launder stolen crypto.
Blockchain security expert Tom Robinson, co-founder of analytics firm Elliptic, pointed out the growing concern over the misuse of such services. “Tornado Cash is a privacy tool at its core, but its anonymity features have unfortunately made it a go-to service for hackers looking to clean stolen funds. The WazirX Hacker ETH transfer is just one of many instances where criminals have leveraged this technology,” Robinson explained.
While Tornado Cash itself is not illegal, its frequent use by bad actors has drawn the attention of regulators. In August 2022, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash, citing its role in facilitating the laundering of billions of dollars worth of crypto tied to illicit activities, including funds stolen by North Korean hacking groups like Lazarus.
Despite the sanctions, the WazirX Hacker ETH transfer demonstrates that Tornado Cash is still operational, and its use by criminals remains a pressing issue.
A Call for Greater Regulation
The WazirX Hacker ETH transfer has once again highlighted the need for stricter regulatory oversight in the cryptocurrency industry, particularly concerning privacy-enhancing tools like Tornado Cash. Many experts argue that while blockchain technology provides transparency, it also enables anonymity, which bad actors can exploit.
Blockchain analyst Sarah Meadows emphasized the delicate balance between privacy and security. “It’s essential that we find a way to allow legitimate users to protect their privacy without giving criminals an easy avenue to hide their activities. The WazirX Hacker ETH transfer is a prime example of how difficult this balance can be to strike.”
In the wake of the WazirX breach and the subsequent transfers, calls for better security practices have intensified. Exchanges are urged to bolster their security measures, particularly for multisig wallets, to prevent similar breaches in the future.
The Road Ahead
For WazirX, the recovery process continues as the platform attempts to navigate the financial fallout from the hack. As the WazirX Hacker ETH transfer saga unfolds, the exchange’s users remain hopeful that efforts to restructure and improve security will restore confidence in the platform.
However, with the hackers still in control of over $107 million in stolen funds and the ongoing use of Tornado Cash to launder those assets, it’s clear that the recovery of the stolen crypto is far from certain.
The WazirX Hacker ETH transfer serves as a sobering reminder of the risks inherent in the crypto space and the need for constant vigilance from exchanges, regulators, and users alike.