- WazirX exploiter moved 5,001 ETH to a new wallet, laundering 3,600 ETH through Tornado Cash.
- The hacker follows a consistent laundering pattern, splitting funds into 100 ETH batches, with more transfers expected.
- WazirX’s $230 million hack is still unresolved, with insider involvement now suspected, based on reports and on-chain data.
A significant development in the ongoing WazirX hack saga unfolded today as the exploiter continued laundering stolen assets. Blockchain security firm Cyvers reported that 5,001 Ethereum (ETH) was transferred from the exploiter’s address to a newly created wallet at 06:53 UTC. The wallet, 0x5…a6a, began laundering the funds shortly after the transfer.
The new wallet sent 3,600 ETH in batches of 100 ETH each, valued at approximately $232,000 per batch, to the crypto mixer Tornado Cash. This laundering process remains active, and on-chain data suggests that further transfers are expected. Cyvers has confirmed that 36 batches of 100 ETH have been moved so far, with 2,601 ETH still left in the wallet.
Pattern of Laundering
The current activity follows a similar pattern established by the WazirX exploiter in recent days. Since the exploit occurred, over 43,800 ETH has been collected from various sources and transferred to different wallets. Six days ago, the hacker began systematically routing these funds through new addresses and using Tornado Cash to obscure their origins.
The exploiter has so far distributed 20,004 ETH across four separate addresses, each receiving 5,001 ETH. In each instance, the hacker moves the entire sum through Tornado Cash in similar batches of 100 ETH. This consistent behavior indicates that laundering will continue until the full balance has been moved.
Background on the Hack
WazirX, a leading Indian crypto exchange, was hacked in July, resulting in the loss of over $230 million worth of assets. The stolen assets were primarily converted to Ethereum after the incident. WazirX initially pointed to Liminal Custody, its custody provider, for a security vulnerability that led to the hack. However, Liminal denied any involvement, and an audit by Grant Thornton later confirmed that the exploit occurred outside of Liminal’s systems.
Amid these developments, reports have emerged suggesting that the hack could have involved an insider. A social media account dedicated to advocating for affected users cited on-chain data and a police report filed in Delhi, further fueling these claims.
DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.