Key Points
- The attacker has begun moving stolen funds through Tornado Cash, a sanctioned mixer, potentially complicating recovery efforts as WazirX undergoes restructuring.
- In July 2024, a hacker believed to be North Korea’s Lazarus Group stole over $230 million from the Indian crypto exchange WazirX, severely impacting the platform’s operations.
Massive Hack Targets WazirX
On July 18, 2024, cryptocurrency exchange WazirX fell victim to a major cyber attack targeting its multi-signature wallet. The breach resulted in a staggering loss exceeding $230 million, with hackers making off with significant amounts of various cryptocurrencies, including over $100 million in Shiba Inu (SHIB) and $52 million in Ether (ETH).
The attack’s severity became apparent when it was revealed that the stolen funds accounted for more than 45% of WazirX’s total reserves, as reported by the exchange in June 2024. This devastating blow has forced WazirX to freeze withdrawals and pause trading since July 21 as the team scrambles to mitigate the damage and explore recovery options.
Hacker Begins Laundering Process
Security firm PeckShield reported on Tuesday that the entity behind the WazirX hack has started moving the stolen funds. Specifically, the attacker transferred 2,600 ETH, valued at approximately $6.5 million, to Tornado Cash, a cryptocurrency mixer that the United States government has sanctioned.
Tornado Cash lets users deposit tokens and withdraw them to a different address, masking the link between the sending and receiving wallets across various blockchains. While the service isn’t inherently malicious, it’s a popular tool among cybercriminals seeking to obscure the trail of stolen funds. Routing funds through a mixer is a common tactic for hindering law enforcement efforts to track and recover stolen cryptocurrency.
Lazarus Group Suspected
Security experts and investigators strongly suspect that the notorious North Korean state-sponsored hacking organization, the Lazarus Group, is behind this attack. The group has a history of executing high-profile crypto heists, including the $600 million Ronin sidechain hack in 2022.
The Lazarus Group is estimated to have laundered over $1 billion in stolen funds through Tornado Cash before U.S. sanctions were imposed on the mixer in 2022. This latest use of the platform demonstrates the ongoing challenge of preventing sophisticated cybercriminals from exploiting such services.
WazirX Undergoes Restructuring
In the wake of the hack, WazirX has initiated a restructuring process in Singapore to address its liabilities. The exchange’s legal advisers delivered sobering news to customers on Monday, stating that a full recovery of funds is unlikely. The best-case scenario suggests users may only recover between 55% and 57% of their original holdings on the platform.
This partial recovery plan indicates that losses will be socialized among WazirX users, meaning customers will not receive the total value of the cryptocurrency they held on the platform at the time of the attack. The restructuring efforts underscore the severe impact of the hack on WazirX’s operations and its ability to maintain balanced collateral against its assets.
As investigations continue and WazirX works through its restructuring process, this incident serves as a stark reminder of the ongoing security challenges faced by cryptocurrency exchanges and the potential risks for users in the volatile world of digital assets.