In less than two months of WazirX hack amounting to Rs 2000 crore, the alleged hacker has already moved Rs 1400 crore worth of cryptocurrencies to different addresses for laundering purposes, thereby diminishing any possibilities of funds recovery.
On July 18 2024, WazirX suffered the major security breach involving one of its multi-sig wallets. The attacker siphoned off various digital assets, including 5.4 trillion SHIBA INU (SHIB) tokens ($102 million), 15,298 Ethereum (ETH) ($52.5 million), 20.5 million MATIC ($11.24 million), and several smaller tokens like GALA and PEPE​.
Since the incident, the hacker has moved approximately Rs 1456.89 crores of funds from their primary wallets to different other wallets and crypto mixing protocol Tornado Cash. According to data from Arkham Intelligence, the hacker entity currently holds approximately $60 million of stolen assets that amounts to Rs 502 crores.
Post-Hack Major Funds Movement
The initial movements of the funs started just after the breach on 18th July with the hacker moving over $102 million worth of SHIB, $52.5 million in ETH, and $11.24 million in MATIC. The hacker also transferred large amounts of PEPE ($7.6 million) and other altcoins like GALA to other addresses. Similar to other attackers, WazirX hacker also used Tornado Cash – a decentralized crypto mixer known for concealing transactions – to launder the stolen funds​.Â
The hacker began actively liquidating portions of the stolen assets days after the hack with quickly selling over 200 billion of SHIB tokens. They also distributed over 1 trillion SHIB across multiple wallets and at the time, SHIB was the largest holding for the hacker at the time. By end of the August, the hacker liquidated or moved approximately $130 million in assets​.
In a latest transaction, the hacker transferred another batch of 5000 ETH to Tornado Cash – lowkey celebrating two months of hack. Latest data from Spotonchain suggest the hacker still holds nearly $60 million of stolen funds on 16 multiple addresses.Â
Community and Regulatory Response
This incident highlights the importance of robust security measures for exchanges handling millions in user assets. The ability of the hacker to exploit WazirX’s multi-sig wallet and funnel funds through Tornado Cash underscores the vulnerabilities in existing security infrastructures. Crypto exchanges worldwide must reassess their defenses against sophisticated exploits like this one.Â
Also Read: Exclusive: WazirX hasn’t moved funds from Liminal Custody Despite Ending Terms