WazirX hacker starts moving $230m stolen funds to Tornado Cash

The hacker who stole over $230 million in user funds from the Indian crypto exchange WazirX has begun moving assets through Tornado Cash. This movement started early Tuesday and marks a key step in the hacker's efforts to conceal the origins of the stolen assets.

As per the data tracked by Arkham, the hacker transferred nearly $4 million worth of ETH (100 ETH in 16 separate transactions) on the Ethereum network to a Tornado Cash router. This hacker address currently holds over $155 million worth of various tokens, with the majority being in ETH (about $150 million). Notably, this address had not previously moved any funds.

Tornado Cash, a decentralized service that allows crypto users to exchange tokens while masking wallet addresses across various blockchains, is often used by cybercriminals to launder stolen funds and avoid detection. While the service itself is not inherently illegal, its ability to hide transaction trails makes it a popular tool among hackers.

The $230M WazirX Hack

The WazirX breach, which occurred in July, targeted one of the exchange's multisig wallets, resulting in the loss of over $100 million in shiba inu (SHIB), $52 million in ether, and other assets. The stolen funds represented more than 45% of WazirX's total reserves as reported in June 2024. 

In response, WazirX has initiated a restructuring process to address its liabilities. WazirX’s legal team stated on Monday that customers are unlikely to recover their losses fully in cryptocurrency. 

A crypto trader and analyst, Iqbal Khan noted that WazirX customers could only recover 55% to 57% of their funds if stolen assets are never recovered. 

On the hacking allegations, the North Korean hacking group Lazarus is suspected to be behind the WazirX attack. Lazarus has a history of laundering stolen funds through Tornado Cash, reportedly moving over $1 billion in illicit funds through the service before it was sanctioned by the U.S. Treasury's Office of Foreign Assets Control (OFAC) in 2022.