WazirX, the Indian crypto exchange, experienced a major security breach, with a hacker stealing a staggering $230 million from the platform. In an attempt to hide their tracks, the hacker has now started utilizing Tornado Cash to transfer the stolen funds. Tornado Cash provides a means for crypto users to exchange tokens while obscuring wallet addresses on different blockchains. While the service itself is not inherently malicious, it is often leveraged by criminals to conceal the flow of illicitly acquired funds.
The hacker has already moved almost $4 million worth of ether (ETH) through 16 transactions on the Ethereum network to a Tornado Cash router. Intriguingly, this specific router contains over $155 million in various tokens, primarily ether, with no prior history of funds being transferred through Tornado.
This latest incident follows WazirX’s previous security breach, which occurred in July and resulted in the loss of over $100 million in shiba inu (SHIB) and $52 million in ether, among other assets. These stolen funds constituted more than 45% of the exchange’s total reserves, as outlined in a June 2024 report. Consequently, WazirX has sought a restructuring process to address its liabilities.
Unfortunately for WazirX customers, the legal advisors stated that they are unlikely to recover their funds in full. The most optimistic scenario would see them receiving between 55% and 57% of their initial holdings.
It’s worth noting that the attack is believed to be the work of the North Korean hacking unit Lazarus, a group that has allegedly laundered over $1 billion in stolen funds through various means, including Tornado Cash before OFAC sanctioned the mixer in 2022.
