Cryptocurrency exchange WazirX fell victim to one of the largest crypto heists in the country’s history, with hackers making off with over ₹2,000 crore worth of funds. Since then, the perpetrators have been laundering the stolen money through Tornado Cash to avoid getting caught and evade authorities.
Tornado Cash is a well-known crypto mixer, notorious for anonymizing cryptocurrency transactions. As the funds continue to flow through Tornado Cash and other wallets, the burning question remains: can laundered funds still be traced? Let’s find out.
WazirX Hack Overview
The WazirX hack dealt a significant blow to India’s crypto community, with hackers stealing over ₹2,000 crore worth of cryptocurrency. The haul included Ethereum (ETH), Shiba Inu (SHIB) and numerous other crypto assets. On-chain data revealed that the WazirX hacker entity transferred the stolen funds to Tornado Cash in batches. Starting with ₹400 crore ($50 million) in August, the hackers continued sending funds to Tornado Cash throughout September, with the total now exceeding ₹2,000 crore.
Further complicating the situation, the stolen funds represented over 45% of WazirX’s total reserves as reported in June 2024. WazirX is now facing a massive financial blow and has filed for restructuring in a Singapore court in an attempt to manage its liabilities. With such a large portion of its reserves missing, the likelihood of users recovering their losses seems remote.
Are Stolen Funds Sent to Tornado Cash Traceable?
Tornado Cash is widely favored by hackers for its ability to anonymize cryptocurrency transactions. This makes it an effective tool for laundering stolen funds. It works by breaking the link between sender and recipient addresses while redistributing the funds to a new address. This process makes it incredibly challenging for investigators to follow the flow of deposits or withdrawals.
However, while Tornado Cash significantly complicates the tracing of transactions, it doesn’t make them entirely untraceable. Blockchain analytics firms like Arkham, Chainalysis, and Elliptic have developed sophisticated algorithms to track funds even when they pass through Tornado Cash.
By analyzing transaction patterns, blockchain data, and timestamps, security experts can find links between the originating and destination wallets. This is especially true when hackers slip up or leave identifiable digital footprints in other parts of the transaction chain. For example, transfers of small amounts of laundered funds to an exchange requiring identity verification have allowed investigators to unearth key clues that led to the identification of the perpetrators.
That said, tracing stolen funds through Tornado Cash alone can be very complicated, and success depends on several factors. The volume of transactions, their timing, and how the funds are eventually moved to other platforms play a significant role in whether investigators can trace them. If the funds are moved to decentralized exchanges or peer-to-peer platforms that don’t require identification, it becomes far more difficult to pinpoint the final destination.
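The timing-and-volume analysis described above can be sketched as follows. This is an added example, not code from the article or from any analytics firm; it assumes the mixer's fixed-denomination pools, and the Event record, the function names, the thresholds and the sample data are all constructed for illustration.

```python
from dataclasses import dataclass

DAY = 86400

@dataclass(frozen=True)
class Event:
    kind: str     # "deposit" or "withdrawal"
    pool: str     # fixed-denomination pool label (hypothetical naming)
    address: str  # depositor, or withdrawal recipient
    ts: int       # block timestamp in seconds

def score_recipients(events, flagged, window=7 * DAY):
    """For each withdrawal, take the same-pool deposits made in the preceding
    `window` seconds as its candidate set and compute the share that came from
    flagged addresses. Returns {recipient: (withdrawal_count, mean_share)}.
    Simplification: a deposit is not removed from later candidate sets."""
    deposits = [e for e in events if e.kind == "deposit"]
    shares = {}
    for w in (e for e in events if e.kind == "withdrawal"):
        cands = [d for d in deposits
                 if d.pool == w.pool and 0 < w.ts - d.ts <= window]
        if cands:  # no candidates means nothing to correlate against
            hit = sum(d.address in flagged for d in cands) / len(cands)
            shares.setdefault(w.address, []).append(hit)
    return {a: (len(s), round(sum(s) / len(s), 2)) for a, s in shares.items()}

def leads(events, flagged, min_count=2, min_share=0.5):
    """Recipients worth a closer look: repeated withdrawals whose candidate
    sets are dominated by flagged deposits. A lead, not an attribution."""
    scores = score_recipients(events, flagged)
    return sorted(a for a, (n, s) in scores.items()
                  if n >= min_count and s >= min_share)

# Constructed sample data: labels, pools and timestamps are made up.
SAMPLE = [
    Event("deposit", "100ETH", "0xALICE", 500),
    Event("deposit", "100ETH", "0xTHIEF", 1000),
    Event("deposit", "100ETH", "0xTHIEF", 1100),
    Event("deposit", "100ETH", "0xTHIEF", 1200),
    Event("deposit", "1ETH", "0xCAROL", 2000),
    Event("deposit", "1ETH", "0xDAVE", 3000),
    Event("withdrawal", "100ETH", "0xNEW1", 5000),
    Event("withdrawal", "100ETH", "0xNEW1", 5100),
    Event("withdrawal", "100ETH", "0xNEW1", 5200),
    Event("withdrawal", "1ETH", "0xBOB", 6000),
]

if __name__ == "__main__":
    print(score_recipients(SAMPLE, {"0xTHIEF"}))
    print(leads(SAMPLE, {"0xTHIEF"}))
```

The share shrinks as unrelated deposits fill the pool inside the window, which is why batch size and timing matter so much to whether a link can be drawn.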
Could WazirX Funds Sent to Tornado Cash Be Recovered?
In the case of the WazirX hack, most of the stolen funds have already been laundered through Tornado Cash. While some funds might still be traceable, the sophisticated laundering tactics used in this case significantly reduce the chances of recovering the stolen crypto.
In previous cases, authorities have had some success in tracing funds that passed through mixers. For instance, in the 2021 Colonial Pipeline ransomware attack, a portion of the ransom paid in Bitcoin was recovered due to the hackers’ careless transaction behavior after using a mixer. This highlights the potential to trace stolen funds despite the use of platforms like Tornado Cash.
However, it also underscores the fact that each case is unique, and success in tracing funds depends on the loopholes or traces left behind by the hackers. In the WazirX case, the sheer amount of funds moved and the advanced techniques employed by the hackers make full recovery unlikely.