Crypto mixer Tornado Cash is laundering thousands of stolen assets as the WazirX exploiter moves them to new wallets
The transfer of precisely 5,001 Ethereum from the exploiter’s address to a new wallet was recently indexed by the blockchain security platform Cyvers.
The recipient address, 0x5…a6a, was generated as a result of this transaction, which took place today at 06:53 UTC, as confirmed by on-chain data.
The new wallet initiated the laundering of the 5,000 ETH tokens through Tornado Cash in multiple quantities of 100 ETH, each valued at approximately $232,000, shortly after they were received. The address has transferred 3,600 ETH in 36 installments to the crypto mixer thus far.
The laundering scheme is currently in progress, and it is anticipated that the total amount will rise in the following hours, as evidenced by data from previous transactions.
This pattern is consistent with the conduct of the WazirX exploiter. The primary wallet held the tokens until six days ago, routing funds through new addresses to Tornado Cash, after accumulating over 43,800 ETH through numerous transactions following the hack.
Since September 12, the exploiter has transferred a total of 20,004 ETH to four distinct addresses, each of which has received 5,001 ETH.
This new wallet typically transfers the entire amount to Tornado Cash in 100 ETH increments, indicating that the most recent address still has 2,601 ETH remaining to launder.
In the interim, an additional primary wallet associated with the exploiter has also executed comparable transactions. A report on September 5 identified one of its 5,000 ETH transfers.
The WazirX breach, which took place in July, resulted in the loss of over $230 million in various crypto assets from the multi-sig wallet of the leading Indian exchange. The intruder subsequently initiated the process of converting the assets to Ethereum.
The exchange attributed the breach to a vulnerability in its custody provider, Liminal Custody. Nevertheless, the crypto custodian refuted these rumors.
It is intriguing that an audit conducted by Grant Thornton recently revealed that the exploit took place outside of Liminal.
In the midst of the ongoing laundering scheme, an X account that is dedicated to pursuing justice for the affected WazirX users suggested that the breach may have been involved by an insider.
This assertion was based on on-chain data and reports submitted to the Delhi police.
