The WazirX hacker launders the stolen Ethereum through Tornado Cash

The hackers of the Indian exchange WazirX are starting to launder the stolen Ethereum through the Tornado Cash protocol.

For the moment, only 6.5 of the 235 million dollars stolen have been sent to the decentralized mixer, which by its nature makes it possible to erase the past traces of certain crypto assets.

Thus begins the “laundering” phase of the hack, with the exchange WazirX seeing fewer and fewer chances of recovering such assets.

Let’s see all the details below.

Thefts on Ethereum: the hacker begins to move the $235 million stolen from WazirX to Tornado Cash

On July 18, 2024, the Indian exchange WazirX suffered a heavy hack of 234.9 million dollars on the Ethereum network.

On that day, over 200 different cryptocurrencies were taken away, including Shiba Inu, Ethereum, Tether, Polygon, Pepe, and Floki.

In particular, about 100 million dollars' worth of SHIB tokens were stolen, causing a heavy drop in the price of the coin at that moment.

It is estimated that about 41% of the users of the platform (predominantly Indian) lost money during the attack.

The theft amounts to over 45% of the total reserves stated by the exchange in a June 2024 report. Just a month after the hack, WazirX filed for restructuring with the Singapore authorities to offset the liabilities.

The fact that this legal issue was addressed in a court in Singapore rather than in India has drawn quite a few complaints from the platform’s customers.

In fact, the company “Zettai Pte Ltd”, WazirX's holding company, is based in Singapore, even though 90% of the exchange’s users are of Indian nationality.

Source: https://x.com/ActusDei/status/1830430134903746634/photo/1

The North Korean hacker cartel Lazarus Group is presumed to be behind the multimillion-dollar hack of WazirX.

According to the crypto security company Elliptic, the attack shows techniques and schemes attributable to the modus operandi of the Lazarus Group.

ZachXBT, a well-known cybersecurity expert, has also confirmed the theory that the North Koreans are responsible for the incident in the Ethereum ecosystem.

Specifically, the exploit occurred after the hackers induced WazirX employees to update the exchange's Safe Implementation Skeleton with a phishing smart contract.

This led to the signing of a compromised transaction that allowed malicious actors to take control of the platform.

Cleaning the crypto trail: 6.5 million dollars already moved to Tornado Cash

According to the latest updates from the Ethereum world, it has emerged that the individuals responsible for the hack of the WazirX exchange are starting to launder the stolen funds through Tornado Cash.

The attackers, attributable to Lazarus Group, made 16 different transactions on the protocol yesterday, moving a total of 6.5 million dollars.

For those who don’t know, Tornado Cash is a privacy-focused platform where users try to erase the traces of past activity on certain tokens.

It is possible to deposit and withdraw only predetermined amounts of ETH, DAI, cDAI, and WBTC, so that from the outside it is difficult to determine the origin of all the funds.

By doing so, the tokens become “clean” and can no longer be associated with events such as hacks and exploits.
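Because deposits only come in fixed sizes, an analyst can still count how much leaves labelled wallets and enters the pools, even though the withdrawal side is obscured. The sketch below is an added example, not code from the article or from any tracing vendor: the addresses, pool sizes and transfers are constructed placeholders, and the hop-following rule is a simple assumed heuristic that over-approximates links.

```python
from decimal import Decimal

# Constructed placeholders: real pool and wallet addresses are not on the page.
POOLS = {"0xPOOL_10_ETH": Decimal("10"), "0xPOOL_100_ETH": Decimal("100")}
WATCHLIST = {"0xLABELLED_HACKER_WALLET"}

# Constructed sample transfers: (timestamp, sender, recipient, ETH amount).
TRANSFERS = [
    (1, "0xLABELLED_HACKER_WALLET", "0xHOP_A", "310"),
    (2, "0xUNRELATED_USER", "0xPOOL_100_ETH", "100"),
    (3, "0xHOP_A", "0xPOOL_100_ETH", "100"),
    (4, "0xHOP_A", "0xHOP_B", "110"),
    (5, "0xHOP_B", "0xPOOL_100_ETH", "100"),
    (6, "0xHOP_B", "0xPOOL_10_ETH", "10"),
    (7, "0xHOP_A", "0xPOOL_100_ETH", "100"),
]

def trace_mixer_deposits(transfers, watchlist, pools, max_hops=3):
    """Follow funds out of watchlisted wallets and report mixer pool deposits."""
    hops = {addr: 0 for addr in watchlist}  # linked address -> distance from watchlist
    alerts = []
    for ts, sender, recipient, amount in sorted(transfers):
        if sender not in hops:
            continue  # no known link to the watchlist, e.g. an ordinary pool user
        value = Decimal(amount)
        if recipient in pools:
            if value == pools[recipient]:  # a pool only takes its fixed amount
                alerts.append({"ts": ts, "from": sender, "pool": recipient,
                               "eth": value, "hops": hops[sender]})
        elif hops[sender] < max_hops:
            # Recipient inherits the link; keep the shortest known path.
            hops[recipient] = min(hops.get(recipient, max_hops + 1), hops[sender] + 1)
    return alerts

def summarize(alerts):
    """Totals an analyst would report: deposit count, ETH sent, deposits per pool."""
    per_pool = {}
    for a in alerts:
        per_pool[a["pool"]] = per_pool.get(a["pool"], 0) + 1
    return {"deposits": len(alerts), "eth": sum((a["eth"] for a in alerts), Decimal("0")),
            "per_pool": per_pool}

if __name__ == "__main__":
    found = trace_mixer_deposits(TRANSFERS, WATCHLIST, POOLS)
    for alert in found:
        print(alert)
    print(summarize(found))
```

Lowering `max_hops` trades coverage for fewer false links: with `max_hops=1` only the deposits made directly by the first intermediate wallet are reported.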

In the case of WazirX, the hackers used only Ethereum tokens for the first phase of laundering, while many funds remain in the criminals’ wallets.

The last interaction on Tornado Cash dates back to 16 hours ago, but it cannot be ruled out that those responsible for the hack will return to the protocol in the short term.

It is clear that moving hundreds of millions of dollars in ether in one go can put the hacker’s anonymity at risk, considering that the platform has a TVL of 457 million.

So let’s expect more deposits on Tornado Cash, or on other decentralized mixers, over the next few days.

We remind you that this dapp was hit by OFAC sanctions in 2022, and using it can get users banned from centralized platforms.

Furthermore, most RPC providers have blocked access to Tornado, making it harder to reach.

Source: https://platform.arkhamintelligence.com/explorer/entity/wazirx-hacker

At the moment the hackers still hold 59,156 ETH, worth 148 million dollars, and many other minor tokens.

The compensation plan for customers affected by the WazirX hack 

After the latest updates regarding the WazirX hack on the Ethereum network and the subsequent transfer of funds to Tornado Cash, full compensation for Indian users seems increasingly unlikely.

As the legal consultants of the exchange have stated, it is likely that those affected by the crypto theft will lose at least 43% of the funds.

The best-case scenario is a return between 55% and 57% of the funds, said George Gwee, director of the restructuring experts at Kroll.

Now that the company Zettai, whose subsidiary Zanmai India manages the exchange WazirX, has filed for restructuring in Singapore, another 30 days will pass before a final decision is made.

In this time frame the platform will try to recover as many funds as possible, but in the current market conditions it is unlikely that the reimbursement can occur in crypto.

Indian clients can only hope for a strong bull market in September, which would leave WazirX with greater liquidity to compensate the affected users.

The general manager of Kroll, Jason Kardachi, stated that the figures could change if a so-called “white knight” intervened or if the funds were recovered, among other options mentioned earlier.

In any case, after the recent movements of the hack money towards Tornado Cash, it appears increasingly difficult to recover the assets.

This story will likely not have a happy ending, and it will end up harming the weakest link in the sector, namely the end user.

In all this, there is also a legal dispute with Binance, the largest crypto exchange in the world. Shetty, CEO of WazirX, along with his advisors, stated that before the controversy with Binance, the platform possessed 55% of the liquidity needed for compensations. A victory in court could slightly increase this share.

Source: https://en.cryptonomist.ch/2024/09/03/the-hacker-di-wazirx-ripulisce-gli-ethereum-rubati-tramite-tornado-cash/