North Korean Hackers Launder $11M Stolen from WazirX Crypto Exchange via Tornado Cash

A recent cyberattack on India‘s cryptocurrency exchange, WazirX, has intensified as over $11 million in stolen ether (ETH) was transferred to Tornado Cash, a platform that allows users to obscure the movement of cryptocurrency. This latest development marks a significant step in an ongoing investigation into the hack that occurred in July, when more than $230 million in digital assets were stolen from WazirX’s multisignature wallet.

The attack involved the theft of over $100 million in shiba inu (SHIB) tokens, $52 million in Ether, and various other assets, comprising a large portion of the exchanges reserves. Blockchain tracking platform Arkham revealed that more than 5,000 ETH, valued at over $11 million, was moved to a new address on Monday morning. Shortly after, $1.2 million worth of tokens were transferred to Tornado Cash in a series of five transactions.

Tornado Cash, while not illegal, is a service that has gained notoriety for being used by cybercriminals to mask the digital trail of stolen funds. It allows cryptocurrency users to exchange tokens without revealing their wallet addresses, thus complicating the task of tracking illicit transactions across multiple blockchains.

In addition to the recent transfers, the hacker responsible for the WazirX breach had previously moved $4 million from the stolen funds. Despite these movements, the wallet associated with the attack still holds more than $107 million in various tokens, with $100 million of that being in ether. This wallet had not been linked to Tornado Cash before the incident, but the use of the service is expected to further delay efforts to recover the stolen funds.

The Lazarus Group, a North Korean hacking collective, is suspected to be behind the breach. The group has been implicated in numerous high-profile cybercrimes and is believed to have laundered over $1 billion in stolen cryptocurrency through Tornado Cash before the U.S. Treasury Department sanctioned the platform in 2022. The group's involvement suggests a sophisticated and well-coordinated attack on the WazirX exchange.

WazirXs legal team has warned that customers may not be able to recover the full value of their stolen assets, estimating potential refunds to range between 55% and 57%. Meanwhile, WazirX has sought a six-month moratorium from the Singapore High Court to restructure its liabilities in the wake of the massive hack. Furthermore, rival exchange CoinSwitch is reportedly considering legal action to recover $9.6 million in assets that were deposited on the platform.

The full scope of the damage from the WazirX hack is still being assessed, but the involvement of the Lazarus Group and the use of Tornado Cash highlight the growing risks that cryptocurrency platforms face from cybercriminals seeking to exploit security vulnerabilities.