$230 Million Hack on WazirX
The entity behind the $230 million hack on the Indian crypto exchange WazirX in July appeared to move another batch of 5,000 ether ($12 million) to an intermediary address on Thursday morning before laundering the funds in 100 ether ($243,000) chunks via Tornado Cash.
According to the on-chain analytics platform Arkham, the attacker first began moving the hacked funds on Sept. 2, transferring 2,500 ether (around $6.3 million at the time) directly to the U.S.-sanctioned crypto mixer in 100 ether tranches. Sending funds to a mixer is a common tactic that cybercriminals use to make it harder for law enforcement to track and recover stolen crypto.
In a slight change of tactics on Sept. 5, the hacker began transferring further batches of 5,000 ether to intermediary addresses before moving those funds in 100 ether chunks to Tornado Cash.
Thursday’s movement of funds marks the eighth 5,000 ether transfer made so far and the third this week, with a total of more than 42,500 ether ($100 million) now transferred by the hacker to Tornado Cash.
The entity still has another 18,800 ether, currently worth around $45.8 million, left to transfer, per Arkham, in addition to roughly $5.7 million in various other cryptocurrencies.
Ethereum’s native asset is currently trading for around $2,420, down nearly 30% from approximately $3,420 on the day of the WazirX hack.
WazirX’s Ongoing Hack Fallout
WazirX suffered an exploit resulting in the unauthorized transfer of over $230 million worth of crypto assets on July 18. The exploit, potentially the result of a private key compromise, targeted the exchange’s multisig wallet on the Ethereum network and drained the funds.
The crypto exchange paused withdrawals the same day but only halted trading across its platform a few days later as it continued dealing with the exploit’s fallout.
Blockchain analytics firm Elliptic said in a July report that on-chain data indicated the attack was perpetrated by the North Korean Lazarus Group, a notorious state-sponsored hacking organization known for executing high-profile exploits, including a $600 million hack on the Ronin sidechain in 2022.
In August, Zettai, the Singapore holding company behind WazirX, filed an application with the country’s High Court for a moratorium to restructure its liabilities following the exploit. Zettai estimated it needed at least four to six months to consider the terms of a restructuring plan and work with the relevant stakeholders, claiming it was the “fastest route to allowing the reopening of cryptocurrency withdrawals.”
On Tuesday, Binance reiterated its claim that it does not own, control, or operate WazirX in any way. While a contract was signed at one point between the parties, the transaction was never closed due to “Zettai’s failure to perform its obligations,” the crypto exchange giant said. Binance accused Nischal Shetty, a director of WazirX’s parent company, of making “misleading statements” to the contrary in two subsequently submitted affidavits in support of its application to the High Court.