Hackers of the WazirX cryptocurrency exchange laundered over $64 million via the cryptocurrency mixer Tornado Cash, raising suspicions of possible insider involvement in the $230 million breach.
Allegations of the Hack
On September 13, WazirX hackers transferred 5,000 ETH, equivalent to $11.8 million, to a new address before laundering the assets through Tornado Cash. Over the past weeks, hackers laundered approximately 27,600 ETH, valued at around $64.97 million. Suspicions of possible insider involvement in the $230 million breach surfaced, crippling India’s once-largest cryptocurrency exchange. The Twitter account Justice for WazirX Users, citing data from a First Information Report filed with the Delhi Police, pointed out unusual activities on the exchange before the hack.
Hacking Methods
According to the allegations, hackers used fake KYC information to open a WazirX account and deposited cryptocurrency, which was traded for GALA tokens. On the day of the breach, July 18, hackers began withdrawing GALA tokens, depleting WazirX’s hot wallet and forcing the exchange to transfer additional tokens from cold storage. During the process of transferring tokens from cold to hot storage, hackers allegedly injected malicious code, allowing them to gain managing signatures. The hackers used the WazirX team’s login session to activate a contract on Liminal’s platform, leading to the final breach. An analysis by Crystal Intelligence confirmed that the laptops of key personnel were not compromised, and an audit of Liminal by Grant Thornton found no traces of a hacking attack.
Reactions and Consequences
Allegations of insider involvement remain unconfirmed. However, JfWU and several WazirX customers are urging the Central Bureau of Investigation and the Directorate of Enforcement to conduct a thorough investigation. Meanwhile, WazirX’s restructuring process has faced hurdles: users expressed dissatisfaction with an initially one-sided poll supporting the moratorium. After the backlash, the poll was updated to include “No” and “No Position” options. On September 10, only 441 out of 4.4 million users supported the proposal. A hearing on the moratorium application is set for September 25, 2024, in the Singapore High Court.
Investigations into the WazirX hack and allegations of insider involvement continue. The WazirX team strives to rebuild user trust, but the restructuring process faces resistance.
Comments