Blockchain analytics firm Arkham Intelligence has tracked the movement of over $11 million in ether (ETH) by the North Korean hackers believed to be responsible for the July hack on India’s WazirX crypto exchange. The funds were moved to the mixing service Tornado Cash early Monday morning, raising concerns about the hackers’ attempts to obfuscate the stolen assets.
North Korean Hackers Move Funds
Arkham’s on-chain data analysis reveals that the hackers moved over 5,000 ETH, worth just over $11 million at current prices, from a wallet associated with the WazirX heist to a new address at 07:19 UTC on Monday. Shortly thereafter, $1.2 million in tokens from that address were sent to Tornado Cash in five separate transactions.
While Arkham Intelligence has not definitively confirmed that the funds moved on Monday were directly from the WazirX hack, the timing and the association of the wallet with the North Korean hackers, combined with the earlier analysis pointing towards the Lazarus Group, strongly suggest a connection.

This highlights the ongoing challenges faced by law enforcement and cryptocurrency exchanges in tracking and recovering stolen funds. The use of mixing services like Tornado Cash adds another layer of complexity to the already difficult task of combating cybercrime in the cryptocurrency space.
North Korean Hackers’ Lazarus Group Suspected
The WazirX hack, which resulted in the loss of over $100 million in SHIB, $52 million in ETH, and other assets, was a significant blow to the Indian crypto exchange. The exchange has been grappling with the fallout, including restructuring efforts to manage the crisis.
Just days after the July 18 WazirX hack, independent crypto sleuths like ZachXBT and cybersecurity firm Cyfirma pointed fingers towards the Lazarus Group, a notorious North Korean hacking collective, given the modus operandi of the attack.
1/ So I began tracing the $230M+ WazirX hack back from the original exploiter address and was able to make some interesting observations. https://t.co/gLHu05sXWZ pic.twitter.com/eFRNdLtACB
— ZachXBT (@zachxbt) July 18, 2024
Blockchain analytics firm Elliptic in July said, “On-chain analysis and other information reviewed by Elliptic indicates that this hack was perpetrated by hackers affiliated with North Korea.” Elliptic also noted at the time that it “has added the address associated with the thief to our system, ensuring that our clients will be alerted if they receive any of these funds.”
The incident underscores the importance of robust security measures for cryptocurrency exchanges and the need for increased vigilance in the face of evolving cyber threats. WazirX has stated that it is cooperating with law enforcement agencies in its investigation and is taking steps to enhance its security protocols to prevent future attacks.
