The WazirX exploiter continues to move thousands of stolen assets through new wallets, with part of the latest batch being laundered through the Tornado Cash cryptocurrency mixer.
Blockchain security platform Cyvers recently indexed the transfer of exactly 5,001 ethereum (eth) from the exploiter's address to a new wallet.
On-chain data confirms that this transaction occurred today at 06:53 UTC, resulting in the creation of the recipient address, 0x5…a6a.
Shortly after receiving the 5,000 eth tokens, the new wallet began laundering them via Tornado Cash in multiple batches of 100 eth, worth approximately $232,000 each. So far, the address has moved 36 batches, totaling 3,600 eth, to the cryptocurrency mixer.
At the time of writing, the money laundering scheme is still ongoing and the total amount is likely to increase in the coming hours, as suggested by previous transaction data.
This pattern is consistent with the behavior of the WazirX attacker. After accumulating over 43,800 eth through multiple transactions following the attack, the main wallet held the tokens until six days ago, when it began sending the funds to Tornado Cash via new addresses.
To date, the attacker has transferred 20,004 eth to four different addresses, each of which received 5,001 eth since September 12. These new wallets typically transfer the entire amount to Tornado Cash in batches of 100 eth, suggesting that the most recent address still has 2,601 eth left to launder.
Meanwhile, another major wallet linked to the exploiter has also made similar transactions, with one of its 5,000 eth transfers being identified in a Sept. 5 report.
Recall that the WazirX hack, which occurred in July, caused the major Indian exchange to lose over $230 million worth of various crypto assets, extracted from its multi-sig wallet. Soon after, the hacker started converting the assets into ethereum.
The exchange attributed the attack to a vulnerability in its custody provider, Liminal Custody. However, the cryptocurrency custodian denied these speculations. Interestingly, a Grant Thornton audit recently found that the vulnerability occurred outside of Liminal.
Amid the ongoing money laundering scheme, an X account dedicated to seeking justice for affected WazirX users claimed that the attack may have also involved an insider, citing on-chain data and reports filed with police in Delhi.