The hacker who stole over $230 million in assets from Indian cryptocurrency exchange WazirX has started moving funds through Tornado Cash, a service that obscures the trail of transactions.
The movement began early Tuesday, with the hacker transferring nearly $4 million worth of ether across 16 transactions on the Ethereum network, according to data from Arkham.
Tornado Cash enables cryptocurrency users to exchange tokens while masking wallet addresses on multiple blockchains. Although the service itself is not illegal, it is often employed by cybercriminals to conceal the digital trail of stolen funds.
The hacker’s address currently holds over $155 million worth of various tokens, including $150 million in ether. This address had not previously been linked to Tornado Cash transactions.
WazirX suffered a security breach in July, when more than $100 million in Shiba Inu tokens and $52 million in ether, along with other assets, were siphoned from a multisignature wallet. The stolen funds represented over 45% of the total reserves reported by WazirX in June 2024. In response to the breach, the exchange filed for restructuring to address its liabilities.
WazirX’s legal advisers stated on Monday that customers are unlikely to recover the full value of their assets in cryptocurrency, with potential refunds ranging between 55% and 57%.
As of July 18, when withdrawals were frozen, WazirX held $570 million for 4.35 million users, 94% of whom are from India. The platform still holds $284 million in assets. WazirX has set aside $12 million in cryptocurrency tokens to cover investigation and legal expenses.
The North Korean hacking group Lazarus is suspected to be behind the attack. The group is believed to have laundered over $1 billion in stolen funds through Tornado Cash before the U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the service in 2022.
Last week, WazirX asked the Singapore High Court for a six-month moratorium to restructure its liabilities following a $234 million hack in July. Rival exchange CoinSwitch is considering legal action to recover $9.6 million in assets deposited on the platform.