As an analyst with over two decades of experience in cybersecurity and cryptocurrency markets, I find myself deeply concerned about the recent WazirX hack. The rapid movement and laundering of stolen funds is a stark reminder of the challenges we face in this digital frontier. The use of Tornado Cash, a decentralized crypto mixer, to conceal transactions is a familiar tactic employed by attackers seeking anonymity.
In just under two months since the WazirX hack, valued at approximately 20 billion rupees, the suspected hacker has already transferred over 14 billion rupees’ worth of cryptocurrencies to various accounts with the intention of laundering them. This significantly reduces the chances of recovering the stolen funds.
As an analyst, on July 18th, 2024, I experienced a significant security breach at WazirX, where one of our multi-sig wallets was compromised. The attacker successfully drained various digital assets from this wallet, including approximately 5.4 trillion SHIBA INU (SHIB) tokens worth around $102 million, 15,298 Ethereum (ETH) valued at about $52.5 million, 20.5 million MATIC worth $11.24 million, and smaller amounts of GALA and PEPE tokens.
Post-Hack Major Funds Movement
Following the breach on 18th July, the attacker began moving the stolen funds. They shifted approximately $102 million in SHIB, $52.5 million in ETH, and $11.24 million in MATIC. Additionally, they moved significant amounts of PEPE ($7.6 million) and other altcoins like GALA to various other wallets. In a manner consistent with many other attackers, the hacker employed Tornado Cash, an anonymous cryptocurrency tumbler often used for masking transactions, to launder their ill-gotten gains.
The hacker started offloading chunks of the pilfered resources a few days after the breach, swiftly unloading over 200 billion SHIB tokens. Additionally, they dispersed more than 1 trillion SHIB among various digital wallets. At that point, SHIB represented the hacker’s most significant hoard. By the end of August, they had offloaded or transferred around $130 million worth of assets.
Recently, the hacker moved another 5000 Ether to Tornado Cash, secretly rejoicing over two months of successful hacking. Current information from SpotOnchain indicates that the hacker retains approximately $60 million worth of pilfered funds across sixteen different accounts.
Community and Regulatory Response
As a researcher delving into the realm of digital assets, I cannot stress enough the necessity of fortified security mechanisms for platforms responsible for managing vast sums of user funds. The recent breach at WazirX, where a hacker manipulated their multi-signature wallet and used Tornado Cash to transfer funds, serves as a stark reminder of the weaknesses inherent in our current security frameworks. It’s evident that crypto exchanges globally need to reconsider their defenses against such intricate exploits, ensuring they are well-prepared for future threats.
2024-09-18 16:20