Allegations of Insider Involvement Emerge as WazirX Hacker Launders $64M via Tornado Cash

Allegations of Insider Involvement Emerge as WazirX Hacker Launders $64M via Tornado Cash

The WazirX exploiter has funneled over $64 million through Tornado Cash, fueling suspicions of insider involvement.

According to PeckShieldAlert, on September 13, the hacker transferred 5,000 ETH, valued at approximately $11.8 million, to a fresh wallet before utilizing the cryptocurrency mixer Tornado Cash to obfuscate the stolen funds. This latest move brings the total laundered sum to roughly 27,600 ETH, worth an estimated $64.97 million, over the past few weeks.

Alongside the illicit fund movements, reports have emerged suggesting potential insider complicity in the $230 million breach that severely impacted WazirX, once India’s leading cryptocurrency exchange.

Insider Involvement Allegations

An X (formerly Twitter) account, “Justice for WazirX Users,” citing unnamed sources and data from a First Information Report filed with Delhi Police, highlighted suspicious activities preceding the hack. According to the allegations, the attacker used fraudulent KYC information to open a WazirX account and deposited cryptocurrency, which was later traded for GALA tokens.

On July 18, the day of the hack, the attacker began withdrawing GALA tokens, depleting WazirX’s hot wallet. This forced the exchange to transfer additional GALA tokens from cold storage, managed by its former custodian, Liminal, to replenish the hot wallet.

During this transfer, the hacker allegedly inserted malicious code, preventing the tokens from moving between cold and hot wallets. As WazirX’s cold storage signatories attempted to rectify the issue, the hacker is said to have stolen their credentials in the process.

Armed with the necessary signatures, the attacker reportedly used the WazirX team’s login session to perform a final transaction on Liminal’s platform, upgrading the cold wallet contract. This modification ultimately led to the breach. “Once these three signatures were submitted to Liminal, they provided the final fourth signature, enabling the contract upgrade,” Justice for WazirX Users claimed.

Investigations and Audits Raise Questions

An investigation by Crystal Intelligence revealed that the laptops of key personnel involved in signing transactions had not been compromised. Meanwhile, an independent audit by Grant Thornton of Liminal’s system found no evidence of a custodial breach, adding further uncertainty to the situation.

Justice for WazirX Users has argued that altering the cold wallet’s smart contract would have been nearly impossible without internal cooperation, further intensifying suspicions of insider involvement. Although these allegations remain unproven, both the advocacy group and many WazirX customers are calling on the Central Bureau of Investigation (CBI) and the Enforcement Directorate (ED) to launch a comprehensive inquiry.

WazirX’s Restructuring Plan Faces Setbacks

In the midst of this turmoil, WazirX’s efforts to restructure, announced on August 28, have encountered difficulties. The exchange is seeking user approval for a moratorium application under Singapore’s insolvency laws to obtain court approval.

However, the process hit a roadblock when users expressed frustration over a poll that initially only allowed a “Yes” vote. Following backlash, WazirX management revised the poll on September 12 to include “No” and “No Position” options, giving users a chance to express their disapproval or remain neutral.

According to an affidavit obtained by crypto.news on September 10, just 441 of WazirX’s 4.4 million users supported the moratorium proposal. A subsequent affidavit confirmed that the Singapore High Court is set to hear the case on September 25, 2024.