TLDR:
- WazirX hacker moved 10,000 ETH ($23.3M) in 24 hours
- Half sent to Tornado Cash, half to new Ethereum address
- Total laundered by hacker now 49,100 ETH ($115M)
- WazirX breach in July led to $230M theft
- Exchange plans to return 55-57% of stolen assets to users
The hacker behind the WazirX security breach has once again made headlines by moving a significant amount of stolen cryptocurrency.
Over the past 24 hours, the attacker transferred 10,000 Ethereum (ETH), valued at approximately $23.3 million, raising concerns about the ongoing investigation and recovery efforts.
According to reports from Cyvers Alerts, the hacker split the stolen funds into two transactions. On September 9, 5,000 ETH worth $11.5 million was moved to one address, followed by another 5,000 ETH valued at $11.7 million transferred to a different address on September 10. These movements are believed to be part of a larger pattern of activity by the hacker.
🚨UPDATE🚨🚨@WazirXIndia hacker just transferred 5K $ETH (~$11.7M) to a new address: https://t.co/FH7yXEf3UW.
It's likely headed to @TornadoCash, similar to yesterday's activity!Want to keep your company off our alerts radar? Learn how to secure your assets: Book a Demo 🚀… https://t.co/RudLtRqqPz pic.twitter.com/5wt5PSQKpA
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 10, 2024
The total amount of cryptocurrency laundered by the WazirX hacker has now reached an estimated 49,100 ETH, equivalent to about $115 million. This figure includes the 12,600 ETH ($30.13 million) moved over the past eight days.
One of the primary concerns surrounding these transactions is the use of Tornado Cash, a privacy-focused service that allows users to obscure wallet addresses on various blockchains. While not legal in the United States, Tornado Cash is often utilized by cybercriminals to hide the trail of stolen assets. It’s believed that at least half of the recently moved funds were sent to Tornado Cash, making them nearly untraceable.
🚨 The WazirX attacker won’t stop laundering stolen $ETH!
In the past 24 hours, the attacker moved 10K $ETH ($23.3M), including:
• sent another 5K $ETH to #TornadoCash
• moved another 5K $ETH to a new address for further laundering.💸 Total laundered: 12.6K $ETH ($30.13M) in… https://t.co/hqIoMLq8s9 pic.twitter.com/HONUuhnqCB
— Spot On Chain (@spotonchain) September 10, 2024
The WazirX security breach occurred in July, resulting in the theft of over $230 million in user assets from the exchange’s multisig wallet.
Since the incident, WazirX has been working on recovery and restructuring efforts to mitigate the impact on affected customers.
Jason Kardachi, managing director of restructuring at Kroll, stated during a virtual press conference that the exchange aims to return 55-57% of the stolen assets to users.
This partial recovery is part of a broader restructuring plan that includes developing revenue-generating products, tracing and recovering stolen crypto assets, and allowing users who need immediate liquidity to withdraw their assets more quickly.
WazirX is also actively seeking a “white knight” investor to inject capital and exploring potential partnerships to strengthen its position. The company plans to distribute the remaining assets to users on a pro-rata basis, with those who stay during the restructuring process expected to receive higher recoveries.
The recent fund movements by the hacker have complicated the ongoing investigation and recovery efforts. Law enforcement agencies face challenges in tracking the stolen funds due to the sophisticated techniques used to obscure their trail, particularly through services like Tornado Cash.
These events occur against a backdrop of increasing concern about crypto security. The FBI recently reported a 45% surge in crypto fraud, resulting in losses of $5.6 billion last year.
This increase in incidents, primarily driven by investment scams, underscores the growing risks within the cryptocurrency space.