As an analyst with over two decades of experience in the financial sector, I have witnessed numerous instances of fraud and manipulation, but the case of WazirX is particularly troubling. The audacious laundering of $64.97 million through Tornado Cash, coupled with allegations of insider involvement, raises serious questions about the integrity of India’s once-largest cryptocurrency exchange.
It’s been claimed that the person behind the WazirX hack has cleaned up more than $64 million by using Tornado Cash, with rumors swirling about possible internal collusion.
As reported by PeckShieldAlert on September 13th, the hacker responsible for the WazirX incident transferred approximately 5,000 ETH, equivalent to around $11.8 million, to a fresh address. Subsequently, they attempted to disguise the origin of the ill-gotten gains by routing them through the cryptocurrency mixing service Tornado Cash.
Warning from PeckShield: The individual behind the WazirX exploit has transferred another batch of approximately 5,000 ETH (around $11.8 million) to a fresh address 0xa4d1…9845. It appears they are preparing to clean these funds using a cryptocurrency mixer.— PeckShieldAlert (@PeckShieldAlert) September 13, 2024
Over the past few weeks, the perpetrator has successfully cleaned approximately 27,600 Ether, worth around $64.97 million, through this recent transaction.
When word got out about the funds being transferred, there were whispers suggesting potential insider complicity in the $230 million hack that brought down what used to be India’s leading crypto exchange – a revelation that left me, as an investor, feeling uneasy and concerned.
What are the allegations?
As a researcher, I’ve come across an account on platform X, named “Justice for WazirX Users.” This account, referencing unidentified sources and data derived from a First Information Report submitted to the Delhi Police, has highlighted some peculiar activities observed at the exchange prior to the alleged hack.
The accusations suggest that the perpetrator created a false Know Your Customer (KYC) profile to set up an account on WazirX, where they deposited cryptocurrency. This cryptocurrency was then exchanged for GALA tokens.
On July 18th (the day of the hack), the hacker initiated a series of token withdrawals, specifically GALA tokens, which led to an emptying of WazirX’s hot wallet. As a result, the exchange was compelled to transfer more GALA tokens from its cold storage, previously managed by Liminal, to refill the hot wallet.
In the course of this operation, it’s claimed that a hacker inserted harmful programming, resulting in the unsuccessful shift of tokens from offline (cold) storage to online (hot) storage. Further attempts by cold storage managers to move the funds were intercepted, allowing the attacker to seize their login details in the process.
As a researcher, I uncovered evidence suggesting that upon acquiring the necessary approvals, an individual, allegedly, leveraged the active login session of the WazirX team members to execute a conclusive transaction on Liminal’s platform. This action reportedly upgraded the WazirX cold wallet contract, which subsequently resulted in the security incident observed.
After the initial three signatures were given to Liminal, they completed the process by providing the fourth one, enabling the contract to advance to an upgraded version, as JfWU noted.
According to an examination by Crystal Intelligence, the computers used by essential staff for transaction signing remained secure. Additionally, a review conducted by Grant Thornton on Liminal’s system revealed no signs of a security breach, further adding to the perplexity.
It was suggested by JfWU that altering the smart contract of the cold wallet would have required inside help, which fueled speculation about potential internal collusion.
It hasn’t been verified yet, but both JfWU and some WazirX clients are asking for a comprehensive investigation by the Central Bureau of Investigation and the Enforcement Directorate regarding the case. They want the authorities to look into it closely.
Too many red flags, concerns, & malpractices. Everyone handling this both from @WazirXIndia & @liminalcustody should be investigated. The whole thing looks like @NischalShetty and/or @binance must be hiding something from its users. Should be investigated by @cbic_india @dir_ed
— HABEEB (@tkhabeeb) September 12, 2024
WazirX’s restructuring attempt faces hiccups
In the midst of ongoing turmoil, WazirX’s previously announced restructuring plan, on August 28, is encountering obstacles as the exchange is requesting client backing for an application seeking a moratorium under Singapore’s bankruptcy laws, hoping to gain approval from the Singapore court.
Initially, the process faced an obstacle when users criticized a poll that only provided a “Yes” option for supporting the application. In response to this negative feedback, WazirX management broadened the poll on September 12 by adding “No” and “No Position” options, enabling users to express their dissent, neutrality or continued support on the issue.
An affidavit from September 10, obtained by crypto.news, revealed that only 441 out of WazirX’s 4.4 million users had endorsed the proposal. A later affidavit indicated that a court hearing concerning the application for a moratorium will take place on September 25, 2024, in the Singapore High Court.
Read More
Sorry. No data so far.
2024-09-13 12:40