WazirX Cyber Heist: Over $230 Million Stolen and Laundered via Tornado Cash
Stolen Funds from WazirX: A Deep Dive into the Cyber Heist
The hacker group responsible for the theft of over $230 million in user assets from the Indian cryptocurrency exchange WazirX has begun to move the stolen funds using the privacy tool Tornado Cash. The transfers, which began early Tuesday, allow the perpetrators to obscure the trail of the misappropriated assets.
Tornado Cash is a service that allows cryptocurrency users to exchange tokens while concealing their wallet addresses across various blockchains. While the service itself is not inherently malicious, it has gained notoriety for being a favored tool of cybercriminals aiming to launder stolen funds and erase any traces that could lead back to their identities.
According to data analyzed by Arkham, the attacker has moved nearly $4 million worth of ether (ETH) in 16 transactions on the Ethereum network, all of which were routed to a Tornado Cash address. This particular address currently holds more than $155 million in various tokens, the majority of which is in ether, amounting to approximately $150 million. Notably, this address had not previously moved funds to Tornado.
In July, WazirX experienced a significant security breach involving one of its multisignature wallets. This breach resulted in the draining of over $100 million in shiba inu (SHIB) and an additional $52 million in ether, among other assets. The magnitude of the theft accounted for over 45% of the total reserves that the exchange reported in a June 2024 financial statement. In the wake of this incident, WazirX has initiated a restructuring process aimed at addressing its liabilities.
Legal advisors representing WazirX indicated on Monday that customers are unlikely to recover their funds in full. The most optimistic scenario suggests that users may see a return of only between 55% and 57% of their stolen assets.
It is worth noting that the North Korean hacking group Lazarus is believed to be behind this audacious cyber attack, as previously reported. This notorious group has been linked to the laundering of over $1 billion in stolen cryptocurrency through Tornado Cash before the Office of Foreign Assets Control (OFAC) imposed sanctions on the service in 2022, according to various estimates.