The hacker behind the $230 million WazirX heist has nearly finished laundering the stolen funds using Tornado Cash, while WazirX struggles with recovery efforts amidst criticism for its crisis management.
The hacker behind the infamous July hack of the WazirX cryptocurrency exchange, which resulted in the theft of over $230 million worth of tokens, is close to completing the laundering of the stolen funds. Blockchain tracking data reveals that only $6 million worth of ether (ETH) remains in the hacker’s possession, with most funds already laundered through the cryptocurrency mixer Tornado Cash.
Timeline of the Hack and Laundering Process
In July, WazirX, one of India’s largest cryptocurrency exchanges by trading volume, suffered a severe security breach in one of its multi-sig wallets. The attacker successfully drained over $100 million in Shiba Inu (SHIB), $52 million in ether, and other assets, amounting to nearly half of the exchange’s total reserves, as cited in a June 2024 report. The attack sent shockwaves through the Indian crypto community, given the scale of the heist.
The hacker has been strategically moving the stolen funds through several wallets before using Tornado Cash—a decentralized privacy service that obfuscates blockchain transactions. This strategy makes it challenging for law enforcement and blockchain analysts to track the stolen funds and identify the individual or group behind the attack. Tornado Cash, though not inherently illegal, is a popular tool for cybercriminals looking to clean their illicit earnings by breaking the link between the sender and recipient on the blockchain.
Since August, the hacker has been accelerating the laundering process. Over $50 million worth of tokens were sent through Tornado Cash in August alone, with even more significant activity in September. Just this Wednesday, a wallet associated with the hacker moved 3,792 ETH, valued at around $10 million, to another wallet, leaving only $6 million of the original stolen amount still at risk of being laundered.
Tornado Cash: A Double-Edged Sword
Tornado Cash, a mixer that allows users to exchange tokens while masking their identities, has been a focal point in blockchain-based money laundering. While it serves as a legitimate privacy tool for many users, its misuse by cybercriminals, particularly in high-profile hacks, has put it under scrutiny. Alexey Pertsev, one of Tornado Cash’s developers, was found guilty of money laundering by a Dutch court and sentenced to 64 months in prison in May. This high-profile case highlighted the tension between privacy-focused technologies and their potential exploitation by malicious actors.
WazirX’s Response and Ongoing Challenges
In the aftermath of the hack, WazirX has struggled to recover its reputation and financial stability. The exchange has initiated a restructuring process in Singapore, aiming to manage its liabilities effectively. However, efforts to recover the stolen funds have seen limited success, and WazirX has faced criticism for its handling of the crisis, particularly in terms of communication with affected users and transparency in the recovery process.
Amid the turmoil, Binance, which was previously linked to WazirX, has distanced itself from the exchange. Binance recently reiterated that it neither owns nor operates WazirX, a point of contention given previous claims made by WazirX founder Nischal Shetty. This clarification came as Binance sought to protect its reputation, given the escalating situation surrounding WazirX’s security breach.
What Lies Ahead?
As the hacker nears completion of laundering the stolen $230 million, WazirX’s future remains uncertain. The exchange is still reeling from the hack’s financial and reputational impact, while its users continue to seek answers and restitution. The incident also raises broader questions about the security and transparency of centralized cryptocurrency exchanges, as well as the risks associated with privacy services like Tornado Cash.
Disclosure: This article is intended for informational purposes only and does not constitute financial advice. Cryptocurrency investments are volatile and risky, and readers are advised to conduct their research or consult financial experts before making any investment decisions.