Share this article
WazirX Hacker Starts to Move Stolen Ether Using Tornado Cash
The Indian crypto exchange was hacked for over $230 million in July, and a restructuring process is underway in Singapore.
Updated Sep 3, 2024, 2:32 a.m. Published Sep 3, 2024, 2:32 a.m.
- The hacker stole $230 million from WazirX and began transferring funds through Tornado Cash.
- The hacker started moving nearly $4 million worth of ether to obscure the transaction trail.
- WazirX is undergoing restructuring after the hack and customers are expected to recover only 55%-57% of their funds.
The hacker entity that stole over $230 million in user assets from Indian crypto exchange WazirX started to move funds using Tornado Cash early Tuesday, beginning a move that allows them to obfuscate the trail of funds.
Tornado Cash allows crypto users to exchange tokens while masking wallet addresses on various blockchains. The service, by itself, is not nefarious but is commonly used by crypto criminals to clean an online trail that could lead to the identity of those moving stolen funds.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
The attacker moved nearly $4 million worth of ether in 16 transactions on the Ethereum network, data tracked by Arkham shows, to a Tornado Cash router. The address holds over $155 million worth of various tokens - with a majority in ether at $150 million - and has previously not moved any funds to Tornado.
In July, WazirX was hit by a security breach in one of its multisig wallets, causing over $100 million in and $52 million in ether, among other assets, drained from the exchange.
The stolen funds accounted for over 45% of the total reserves cited by the exchange in a June 2024 report – and the exchange has since filed for a restructuring process to clear liabilities.
WazirX’s legal advisers said on Monday that customers are unlikely to be made whole in crypto terms, with the best-case scenario being a return of anywhere between 55% and 57% of the funds.
North Korean hacking unit Lazarus is believed to be behind the attack, as previously reported. The group is estimated to have laundered over $1 billion in stolen funds through the service before OFAC sanctions in 2022, per estimates.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Coinbase Sees Crypto Recovery Ahead as Liquidity Improves and Fed Rate Cut Odds Climb
The crypto exchange also took note of a so-called AI bubble that continues to go strong and a weaker U.S. dollar.
What to know:
- Coinbase Institutional is seeing a potential December recovery in crypto, citing improving liquidity and a shift in macroeconomic conditions that could favor risk assets like bitcoin.
- The firm's optimism is driven by rising odds of Federal Reserve rate cuts, with markets pricing in a 93% chance easing next week, and improving liquidity conditions.
- Several recent institutional developments, including Vanguard's crypto ETF policy reversal and Bank of America's greenlighting of crypto allocations, have contributed to bitcoin's rebound from recent lows.
Top Stories
