Precise figures have not been provided for the amount of Ethereum that the hacker moved, but reportedly a big chunk of it has been transferred to Tornado Cash, a highly controversial and U.S.-sanctioned cryptocurrency mixer. According to on-chain security firm PeckShield, the entity transferred 2,600 ETH, worth approximately $6.5 million today, into the mixing service.
The transaction is most likely intended to obscure tracing of the stolen assets.
WazirX Hack in Brief
On July 18th, 2024, WazirX became a victim of one of the largest cyber attacks on a cryptocurrency exchange in India. The hackers targeted the exchange's multi-signature wallet, from which they extracted assets valued at over $230 million. It has been a serious breach: it has caused ripples in the operations of the exchange, which is unable to properly maintain the collateral position for its assets.
WazirX has been at the forefront of popularizing cryptocurrency trading among Indians. It has faced an uphill task in its effort to get back on track following the attack. The breach not only shook the confidence of its users but also put the exchange under intense scrutiny from regulators and security experts all over the world.
#PeckShieldAlert #WazirX Exploiter-labeled address has transferred 2600.1 $ETH (worth ~$6.5M) to #Tornadocash within the last 9 hours
On July 18, India's #CEX WazirX suffered a major security breach, resulting in the theft of over $230 million in cryptos.
— PeckShieldAlert (@PeckShieldAlert) September 3, 2024
Role of Tornado Cash
Tornado Cash is a decentralized mixer, and the hacker used it to break the on-chain link between source and destination. While it can be used to increase privacy for legitimate transactions, it has become a tool of choice for cybercriminals seeking ways of laundering cryptocurrency. The US Treasury Department sanctioned Tornado Cash in August 2022 because malicious actors, including those responsible for ransomware attacks and hacks, had used it to launder their ill-gotten gains.
Routing the hacked funds through Tornado Cash is a well-thought-out move by the hacker, likely meant to increase the already high difficulty that law enforcement agencies face in tracking the stolen cryptocurrency back to its source. Using the mixer, the thief is able to get the money across to many wallets, which in turn makes tracking the flow of cash difficult.
Expert Take On Security
Observers, security companies and analysts have followed the trail of the missing funds since it emerged. PeckShield, a blockchain security firm, was among the first to detect the movement of 2,600 ETH into Tornado Cash. They noted that the challenge for law enforcement agencies lies in recovering the stolen cryptocurrency once it hits the mixer.
“Mixers like Tornado Cash are an effective way for cybercriminals to launder their stolen assets,” said a spokesperson at PeckShield. “Once the funds enter a mixer, it becomes extremely difficult to trace their origin, making it a favored approach for hackers and other bad actors.”
The Larger Ramification
The fact that the WazirX hacker used Tornado Cash will likely reignite debates over the regulation of cryptocurrency mixers. Although these services provide better privacy for legitimate users, their extensive use by cybercriminals greatly hampers global efforts against money laundering and cybercrime. For WazirX, this transfer of funds to Tornado Cash presents yet another setback in its quest to recover its losses.
Phase 2 Withdrawals Begin
The Indian cryptocurrency platform has initiated the second phase of withdrawals, launching a week earlier than the initially planned date of September 9. “Effective immediately, all qualified users are now able to withdraw up to the entire 66% of their INR holdings,” the exchange stated.
📢 INR Withdrawals Phase 2 Starts Early!
Starting today, all eligible users can now withdraw up to the full 66% limit of their INR balances.
Originally scheduled for 9th September, we’ve moved this up to provide quicker access. Thank you for your continued patience and support…
— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) September 3, 2024
What a race against the clock!
The exchange has raced against the clock to reduce the damage from the hack by cooperating with law enforcement agencies and putting in place additional security measures. But the laundering of the stolen funds complicates these efforts further and underlines the challenges faced by cryptocurrency exchanges in securing their platforms against such sophisticated attacks.
Conclusion
As the WazirX hack is still unfolding, the transfer of stolen funds to Tornado Cash marks a new front in the cat-and-mouse battle between cybercriminals and law enforcement in the cryptocurrency space. It serves as a reminder of the vulnerabilities that are part of the digital asset ecosystem and of the need for better security mechanisms to prevent such attacks in the future.