This morning, India’s largest exchange WazirX was hacked – hackers stole assets worth over $234.9 million. This situation once again highlights the importance of not storing assets in exchange wallets and being careful when choosing the platform you work with.
But that is not our focus here: immediately after the hack, the wallet to which the fraudsters transferred the assets was leaked online.
Their next steps were quite easy to follow, so below we link to the wallet and show exactly which assets were stolen and what the hackers are doing with them.
WazirX exchange hack
Cyvers Alerts was the first to report it – having detected “multiple suspicious transactions” involving the Safe Multisig wallet on Ethereum.
According to the report, a total of $234.9 million in funds were transferred to the new address. Interestingly, they also emphasized that the initiator of the transaction was funded through Tornado Cash.
Seed funding via Tornado Cash
On 8 July at 15:03 UTC, wallet ‘0xc68’ received 1 ETH from Tornado Cash.
A corresponding deposit of 1 ETH was made to wallet ‘0x87c0’ 9 hours earlier.
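The timing match described above can be checked mechanically: Tornado Cash pools use fixed denominations, so every 1 ETH deposit made shortly before the withdrawal is a candidate source. The Python below is an added example, not code from this article or from the investigators it cites, and it lists all such candidates to show why one timing match is a lead rather than proof. The wallet labels, the year, the extra deposits and the 24-hour window are constructed assumptions; only the 1 ETH amount, the 15:03 UTC withdrawal and the 9-hour gap come from the text.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# Constructed sample events for one fixed-denomination (1 ETH) pool.
# Labels are placeholders, not real addresses; the year is assumed.
DEPOSITS = [
    ("depositor_A", datetime(2024, 7, 7, 22, 40, tzinfo=UTC)),
    ("depositor_B", datetime(2024, 7, 8, 6, 3, tzinfo=UTC)),    # 9 h before
    ("depositor_C", datetime(2024, 7, 8, 11, 15, tzinfo=UTC)),
    ("depositor_D", datetime(2024, 7, 8, 16, 30, tzinfo=UTC)),  # too late
]
WITHDRAWAL = ("recipient_X", datetime(2024, 7, 8, 15, 3, tzinfo=UTC))


def candidate_deposits(deposits, withdrawal_time, window=timedelta(hours=24)):
    """Return (wallet, gap) for deposits made before the withdrawal and
    no more than `window` earlier, smallest gap first."""
    hits = []
    for wallet, ts in deposits:
        gap = withdrawal_time - ts
        if timedelta(0) < gap <= window:
            hits.append((wallet, gap))
    return sorted(hits, key=lambda h: h[1])


def assess(deposits, withdrawal_time, window=timedelta(hours=24)):
    """Summarise the match. Several candidates in the window means timing
    alone cannot single out the depositor; other evidence is needed."""
    hits = candidate_deposits(deposits, withdrawal_time, window)
    return {
        "candidates": [wallet for wallet, _ in hits],
        "anonymity_set": len(hits),
        "unique": len(hits) == 1,
    }


if __name__ == "__main__":
    for wallet, gap in candidate_deposits(DEPOSITS, WITHDRAWAL[1]):
        print(f"{wallet}: deposited {gap} before the withdrawal")
    print(assess(DEPOSITS, WITHDRAWAL[1]))
```

With the constructed data, three deposits fall inside the window, so the 9-hour match would need corroboration such as shared gas funding or later fund flows before it is treated as a link.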
Transaction Tracking
Tracing from wallet ‘0xc891’, we can see that it was funded with two transactions of 0.36 ETH and 0.66 ETH on 8 July.
These transactions came from the exchange wallet ‘0xc2fdc2’ and another wallet ‘0xa626’.
End of tracking:
Tracking ends as the BTC appears to be coming from an unknown service, making further tracking difficult.
ZachXBT notes that the hack shows potential signs of a Lazarus Group attack and calls on the WazirX team to be transparent in their actions.
The Lazarus Group is a cybercrime group that has been linked to North Korea. They are known for their sophisticated and large-scale cyber attacks around the world.
At the moment, the Indian exchange has temporarily suspended the withdrawal of cryptocurrencies and Indian rupees on the platform.
Is the hacker selling assets for ETH?
Wallet analysis with ArbitrageScanner.io
Attacker’s wallet “0x04b2” in the spotlight
The “0x04b2” wallet has come under scrutiny as it has begun to dump these assets on the market. Specifically, the wallet has already sold 640.27 billion PEPE tokens worth approximately $7.6 million.
After analyzing the wallet, we list below the assets stolen from WazirX:
- 5.43 trillion SHIB ($102 million)
- 15,298 ETH ($52.5 million)
- 20.5 million MATIC ($11.24 million)
- 640.27 billion PEPE ($7.6 million)
- 5.79 million USDT
- 135 million GALA ($3.5 million)
So far, the attacker has unloaded all of his PEPE, GALA, RNDR, COS, OGN, and REQ, among others, and received 5,270 ETH ($18.14 million) in return. Apparently he continues to sell assets for ETH.
Add the hacker’s other wallets so you can also analyze their transactions and monitor changes in real time.
→ 0x35febC10112302e0d69F35F42cCe85816f8745CA
→ 0x90ca792206eD7Ee9bc9da0d0dF981FC5619F91Fd
1/ So I began tracing the $230M+ WazirX hack back from the original exploiter address and was able to make some interesting observations. https://t.co/gLHu05sXWZ pic.twitter.com/eFRNdLtACB
— ZachXBT (@zachxbt) July 18, 2024
Implications and Market Reaction
The scale of this asset movement is significant, raising questions about the security measures in place at WazirX and the potential market impact of such a large asset dump. The cryptocurrency community and investors are closely monitoring the situation and awaiting further updates from WazirX and other authorities involved in the investigation of this incident.
Are your funds at WazirX safe?
At this point, things don’t look good. Crypto and INR withdrawals are paused. It is always best to practise self-custody. It will be interesting to see how the Indian Government responds after the WazirX hack.
Stay tuned with Cryptobullsclub.com for more information.