WazirX Attacker Converts $235M Stolen Into Ethereum, Holds Nearly 60,000 ETH
On-chain data shows that the WazirX attacker converted most of the assets stolen from the Indian crypto exchange into Ethereum.
On July 18, WazirX was exploited for about $235 million in several digital assets, with blockchain investigators suggesting that the North Korea-backed Lazarus Group carried out the attack.
Although the exchange quickly implemented measures to stop the theft, recovery of the funds appears unlikely as the attacker is actively converting the stolen assets into ETH, the second-largest digital asset by market capitalization.
WazirX attacker holds nearly 60,000 ETH
Blockchain analyst Lookonchain reported that the WazirX attacker converted most of the stolen assets into 43,800 ETH, worth $149.46 million. This brings the total held by the attacker to 59,097 ETH, valued at approximately $201.67 million.
Market observers have suggested that the asset conversion is part of a sophisticated money laundering technique that also involves the use of cryptocurrency mixing services like Tornado Cash to obfuscate transaction trails.
Despite this, the attacker’s address still contains up to $15 million worth of other, lesser-known digital assets. This includes 1.66 billion DENT, worth $1.56 million, and 6.76 million CHR, worth $1.72 million, among others.
Meanwhile, on-chain data shows that the exploiter sent 7.7 million DENT, worth $7,300, to a new Binance deposit address. Lookonchain said:
“It is worth noting that the WazirX operator deposited 7.7 million DENT ($7.3k) to a Binance deposit address that had never been used before.”
‘Force majeure’
A post-mortem report from the exchange showed that the affected wallet used the services of Liminal, a digital asset custody and wallet infrastructure provider.
WazirX explained that the exploit was caused by a discrepancy between the data shown in Liminal’s interface and the contents of the transaction that was actually signed. The exchange wrote:
“During the cyberattack, there was a mismatch between the information displayed on the Liminal interface and what was actually signed. We suspect that the payload was replaced to transfer control of the wallet to an attacker.”
The exchange also described the attack as a “force majeure” event beyond its control and assured that it was actively working to recover the stolen funds.