TLDR
- WazirX hackers have nearly completed laundering $230 million through Tornado Cash
- Only $6 million remains in the hackers' main wallet
- The hack targeted a multisignature wallet, stealing various cryptocurrencies
- WazirX has initiated a restructuring process to address liabilities
- Recovery efforts are challenged by the use of coin mixers and possible involvement of state-sponsored actors
The aftermath of the $230 million WazirX hack continues to unfold, with recent developments indicating that the perpetrators have nearly completed their efforts to launder the stolen funds through the cryptocurrency mixer Tornado Cash.
This move has significantly complicated attempts to recover the assets for affected users of the Indian crypto exchange.
Since Monday night, the hackers have moved approximately 15,000 ETH, valued at nearly $40 million, across numerous transactions.
This activity follows a decision by the High Court of Singapore, which granted WazirX a four-month moratorium to restructure its liabilities in the wake of the midsummer hack.
The use of Tornado Cash, a decentralized cryptocurrency mixer, has made tracing the funds extremely difficult.
By commingling cryptocurrencies using smart contracts, Tornado Cash effectively obscures the original source of the funds. Despite being sanctioned by the United States Treasury’s Office of Foreign Assets Control in 2022, the mixer remains operational due to its decentralized nature, handling nearly $2 billion in transactions through July 2024.
On-chain data from Etherscan and analysis by Arkham Intelligence reveal that the hackers' main wallet still holds over $6 million in various crypto assets, primarily Ethereum.
Over the past week, the entity behind the hack has moved approximately $57 million worth of assets.
The WazirX hack, which occurred in mid-2024, targeted a multisignature wallet and resulted in the loss of $97 million in Shiba Inu (SHIB), $53 million in Ethereum, and additional assets bringing the total to $230 million.
This amount represents more than 45% of WazirX’s total reserves, prompting the exchange to initiate a restructuring process.
In the aftermath of the hack, WazirX founder Nischal Shetty has pointed fingers at various parties. Initially, he blamed the custodian Liminal for the security lapse, which Liminal denied.
Later, Shetty alleged that Binance held the majority of WazirX parent Zettai Labs’ funds, limiting their ability to compensate affected customers. Binance subsequently refuted these claims.
Some analysts suspect that North Korea-sponsored actors, such as the Lazarus Group, may be responsible for the heist.
Jeremiah O’Connor, CTO and co-founder of crypto cybersecurity firm Trugard, noted that recovering stolen funds remains exceptionally challenging when dealing with such groups.
These state-backed entities often employ networks of foreign operators and use sophisticated methods to move funds, significantly reducing the likelihood of successful asset recovery.
The use of coin mixers like Tornado Cash further complicates investigative efforts. Anoop Nannra, CEO of Trugard, explained that investigators face significant challenges in distinguishing between wallets associated with the hack and those belonging to innocent bystanders.