WazirX Hacker Launders $64M via Tornado Cash Amid Insider Allegations

The WazirX exploiter has laundered over $64 million via Tornado Cash, as allegations of insider involvement have surfaced.

According to reports, on Sep. 13, the WazirX hacker moved 5,000 ETH, roughly $11.8 million, to a new address before laundering the stolen funds via cryptocurrency mixer Tornado Cash to obscure the trail.

The WazirX exploiter-labeled address has moved the 5th batch of 5K ETH (worth ~$11.8M) to a new address, likely preparing to launder them through a mixer.

With this latest transaction, the attacker has laundered about 27,600 ETH, valued at approximately $64.97 million, over the past weeks.

As the attacker moved the funds, reports surfaced alleging possible insider involvement in the $230 million breach that impacted what was once India’s biggest cryptocurrency exchange.

Allegations of Insider Involvement

An account named Justice for WazirX Users, citing unnamed sources and data from a First Information Report filed with the Delhi Police, pointed out some unusual activities at the exchange before the hack.

The allegations claim the attacker used fake KYC information to open a WazirX account and deposited cryptocurrency, which was traded for GALA tokens. On July 18, the day of the breach, the hacker began withdrawing GALA tokens, depleting WazirX’s hot wallet. This forced the exchange to transfer additional GALA tokens from cold storage to replenish the hot wallet.

During this process, the hacker allegedly injected malicious code, causing the transfer of tokens from cold to hot storage to fail. As subsequent attempts were made by cold storage signatories to move the funds, the attacker managed to swipe their credentials in the process.

Having obtained the necessary signatures, the attacker allegedly used the WazirX team’s login session to initiate a final transaction on Liminal’s platform that upgraded the WazirX cold wallet contract, which ultimately led to the breach.

Once these 3 signatures were submitted to Liminal, they provided the final 4th signature, allowing the contract to be upgraded.

Audit Findings and Further Investigations

An analysis confirmed that the laptops of key personnel used for signing transactions were not compromised. A separate audit of Liminal’s system found no evidence of a custodial breach, leading to more confusion.

Justice for WazirX Users argued that modifying the cold wallet’s smart contract would have been difficult without insider cooperation, raising suspicions of internal involvement. The allegations are yet to be confirmed, but both JfWU and several WazirX customers are urging authorities to conduct a thorough investigation into the case.

WazirX’s Restructuring Attempt Faces Challenges

Amidst this chaos, WazirX’s restructuring process, announced on Aug. 28, is facing hurdles as the exchange seeks customer support for a moratorium application under Singapore’s insolvency laws.

However, the process hit a stumbling block as users expressed frustration over a poll that initially offered only a “Yes” option to support the application. Following backlash, WazirX management expanded the poll to include “No” and “No Position” options, allowing users to voice their opposition or remain neutral on the matter.

An affidavit showed that just 441 of WazirX’s 4.4 million users had come out in support of the proposal. A subsequent affidavit confirmed that a hearing on the moratorium application is set for Sept. 25, 2024, in the Singapore High Court.

Stay updated with the latest developments in the cryptocurrency world on Global Crypto News.