As a researcher with years of experience in blockchain security and digital forensics, I can confidently say that this situation is reminiscent of a cat-and-mouse game, where the WazirX exploiter seems to be one step ahead while we’re left piecing together the trail of their stolen assets. The use of Tornado Cash as a laundering tool is a common tactic in these scenarios, aiming to obfuscate the origin and destination of funds.
The WazirX exploiter continues to move thousands of the stolen assets across new wallets, with part of the latest batch laundered through crypto mixer Tornado Cash.
Blockchain security platform Cyvers recently indexed the transfer of exactly 5,001 Ethereum (ETH) from the exploiter’s address to a new wallet.
📣ALERT📣 The hacker who targeted WazirXIndia has moved 5,000 ETH (approximately $11.6 million) to a new wallet and deposited $1.4 million into Tornado Cash. To protect your own assets from such threats, book a demo to learn how to fortify your company’s security. 🚀— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 18, 2024
According to on-chain records, the transaction took place at 06:53 UTC today, and the address of the newly created recipient wallet is 0x5…a6a.
Immediately after receiving the 5,000 Ether, the newly created wallet started laundering the funds through Tornado Cash, sending them in separate deposits of 100 ETH, each worth approximately $232,000. To date, this address has moved a total of 36 such batches, representing a transfer of 3,600 Ether to the crypto mixer.
At the moment I’m closely monitoring the situation, and it appears that the money laundering operation continues unabated. Given the trends observed from past transactions, I anticipate the total sum involved might grow over the next few hours.
This pattern is consistent with the earlier actions of the WazirX exploiter. Following the hack, they amassed approximately 43,800 ETH across numerous transactions, and these tokens were kept in a main wallet for six days. More recently, funds have been moved through new addresses to Tornado Cash.
So far, the exploiter has moved 20,004 Ether to four distinct wallets since September 12th, each receiving approximately 5,001 Ether. These newly created wallets usually transfer the entire balance to Tornado Cash in chunks of 100 Ether, indicating that the latest wallet still holds around 2,601 Ether for laundering purposes.
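The funding-then-fixed-deposit pattern described above can be checked mechanically against exported transfer records. The following is an added example, not code from Cyvers or from this article; the wallet and pool labels, timestamps and the min_deposits threshold are constructed placeholders, and the sample data is built to match the 5,001 ETH funding and 2,601 ETH remaining balance quoted above.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed labels standing in for real addresses (assumptions, not on-chain data).
WATCHED = {"EXPLOITER_MAIN"}        # addresses already attributed to the incident
MIXER = {"MIXER_100ETH_POOL"}       # fixed-denomination mixer pool being monitored
DENOMINATION = Decimal("100")       # deposit size reported in the article


def peel_report(transfers, watched=WATCHED, mixer=MIXER, min_deposits=3):
    """Flag wallets funded by a watched address that then make repeated
    fixed-size mixer deposits. transfers: (timestamp, src, dst, amount_eth)."""
    funded = defaultdict(Decimal)   # wallet -> ETH received from watched addresses
    deposits = defaultdict(int)     # wallet -> number of 100 ETH mixer deposits
    for ts, src, dst, amount in sorted(transfers):
        amount = Decimal(amount)
        if src in watched and dst not in mixer:
            funded[dst] += amount
        # Only count deposits made after the wallet was funded by a watched address.
        elif src in funded and dst in mixer and amount == DENOMINATION:
            deposits[src] += 1
    report = {}
    for wallet, received in funded.items():
        n = deposits[wallet]
        if n >= min_deposits:
            to_mixer = n * DENOMINATION
            report[wallet] = {
                "received": received,
                "deposits": n,
                "to_mixer": to_mixer,
                "remaining": received - to_mixer,
            }
    return report


# Constructed sample: one funded wallet with 24 deposits, one funded wallet
# that has not deposited yet, and one unrelated mixer user.
SAMPLE = [(1000, "EXPLOITER_MAIN", "WALLET_A", "5001")]
SAMPLE += [(1000 + i, "WALLET_A", "MIXER_100ETH_POOL", "100") for i in range(1, 25)]
SAMPLE += [
    (1005, "WALLET_X", "MIXER_100ETH_POOL", "100"),
    (1100, "EXPLOITER_MAIN", "WALLET_B", "5001"),
]

if __name__ == "__main__":
    for wallet, row in peel_report(SAMPLE).items():
        print(wallet, {k: str(v) for k, v in row.items()})
```

A wallet such as WALLET_B, funded but not yet depositing, stays out of the report until it crosses the threshold, so it is worth alerting on the funding event separately.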
Simultaneously, another main wallet linked to the exploiter has also performed comparable transactions. One of its Ethereum transfers totaling 5,000 ETH was noted in a report dated September 5.
Keep in mind that the cyber attack on WazirX, which took place in July, resulted in a loss of approximately $230 million worth of various cryptocurrencies, which were taken from the exchange's multisignature wallet. Soon after the incident, the hacker started exchanging these stolen assets for Ethereum.
Initially, the exchange attributed the hack to a weakness in their custody service, provided by Liminal Custody. Yet, the cryptocurrency custodian refuted such assumptions. It’s worth noting that a recent audit conducted by Grant Thornton revealed that the breach actually took place beyond the boundaries of Liminal.
In the midst of the persistent money laundering case, a specific X account advocating for justice for affected WazirX users suggested that the hack might not only be external, but could potentially involve an insider as well. This theory is based on on-chain data and police reports submitted to authorities in Delhi.
2024-09-18 12:08