In a high-stakes game of digital hide-and-seek, the hacker responsible for the massive $235 million theft from Indian crypto exchange WazirX has just moved $6.5 million worth of stolen Ethereum through the infamous Tornado Cash, a crypto mixer notorious for helping criminals launder their ill-gotten gains.
Blockchain security platform Cyvers shared the details in a September 3 post, revealing that the hacker transferred 2,600 ETH, valued at about $6.5 million at current prices, to Tornado Cash in an apparent attempt to scrub the stolen funds clean and hide their digital fingerprints.
WazirX’s Withdrawal Drama Continues Amid the Hack
The hacker’s move comes just days after WazirX made an unexpected announcement: it had started allowing users to withdraw up to 66% of their Indian Rupee (INR)-denominated balances—almost a full week ahead of schedule. On September 3, WazirX took to X (formerly Twitter) to inform users that the withdrawal window, initially set to open on September 9, was moved forward in an effort to give customers quicker access to their funds.
For many, this was a relief after the devastating July 18 hack, which crippled the exchange. The company is currently in the midst of a staggered recovery plan that includes unlocking Indian Rupee withdrawals, which started on August 26. However, WazirX warned that 34% of rupee-denominated balances remain “frozen” due to ongoing investigations with law enforcement agencies.
Tornado Cash and the Race to Launder Stolen Crypto
Meanwhile, the hacker responsible for the WazirX breach has been busy moving the stolen funds through Tornado Cash, a tool that anonymizes crypto transactions and makes them harder for authorities to trace. By September 3, the wallet address linked to the hacker had shifted 2,600 ETH to the mixer in 26 separate transfers of 100 ETH each, all within the span of just one hour. The total value of these transfers amounted to around $6.5 million at current Ethereum prices.
Before the transfers began, the hacker’s wallet held $6.7 million in total, but after the whirlwind of transactions, just $154,000 remained in the address, according to tracking data from DeBank. Tornado Cash, which the U.S. government sanctioned over its association with illicit activity, remains a go-to tool for hackers looking to obfuscate the origins and destinations of stolen crypto.
WazirX’s Legal Battle and Ongoing Restructuring Efforts
While the hacker was busy moving the stolen funds, WazirX was dealing with its own mess. The exchange, which is under scrutiny following the hack, has also had to navigate legal issues surrounding its restructuring process. In particular, WazirX has been working with law enforcement agencies to resolve the stolen funds issue and is pursuing legal proceedings in Singapore, where it has chosen to base its legal restructuring efforts.
In a move to regain trust, WazirX has worked to re-establish a functioning financial system, including limited crypto withdrawals and full Indian Rupee access. But challenges remain. In an August 23 update, the exchange admitted that 34% of INR balances were still frozen, with no immediate access available.
Despite these setbacks, the company has shown signs of progress, particularly with the early withdrawal option, indicating that it’s actively working on a way forward to restore full operations. However, the shadow of the hack still looms large, and with the legal battles still unfolding, WazirX’s future remains uncertain.
Looking Ahead: A Race Between Authorities and Hackers
As the WazirX hacker continues to launder stolen funds through Tornado Cash, the crypto community is watching closely. The case highlights the growing use of crypto mixers in laundering schemes and the ongoing battle between hackers and regulatory authorities trying to track illicit transactions in the decentralized world of digital currencies.
For WazirX, the journey to restore confidence and resume normal operations is far from over. With legal issues in Singapore and investigations still underway, it’s clear that the aftermath of the hack will continue to unfold over the coming months. The question remains: can WazirX fully recover, and will the authorities be able to trace the remaining stolen funds?