200m Worth of Cryptocurrency Swapped for ETH in WazirX Hack to Avoid Obstacles
The recent hack on Indian cryptocurrency exchange WazirX has resulted in the stolen funds being converted into Ether (ETH). According to data from SpotOnChain, the attacker has already converted over $200 million worth of assets into ETH, with the blacklisted wallet currently holding 59,097 ETH. The hack saw 15,298 ETH stolen directly from WazirX’s multisig wallet, along with various other crypto assets, including $102 million worth of SHIB, $11.25 million worth of MATIC, $7.6 million worth of PEPE, $7.79 million worth of USDT, and $3.5 million worth of GALA. Most of these assets have been exchanged for ETH, leaving the wallet with around $11 million worth of altcoins such as CHR, CELR, FRONT, and OOKI tokens.
In addition to the ETH conversion, the hacker also made a deposit of 7.7 million DENT tokens to a Binance address. This transaction is noteworthy as the wallet had not been used before, according to blockchain analytics firm Lookonchain. Experts believe that the hacker chose to swap the ERC-20 tokens for ETH due to its high liquidity and the inability to block ETH like stablecoins.
ERC-20 tokens have a contract function that allows contract owners to maintain a list of prohibited addresses for token transactions. However, ETH does not have this feature as it operates on the core Ethereum protocol, which does not allow for the modification of address permissions. This lack of restrictions and the active market for ETH make it an attractive choice for the attacker, as it enables quick and fair trades and allows for easy movement between blockchains.
The attack on WazirX was a result of the exploit in the exchange’s wallet management system, which led to discrepancies in data displayed by Liminal, the provider of digital asset custody and wallet infrastructure for WazirX. The exchange suspects that the attacker replaced the payload to gain control of the wallets. There are speculations that North Korea’s Lazarus group may have been involved in the hack, with experts from Elliptic also reaching a similar conclusion.
In response to the hack, WazirX has temporarily halted withdrawals for both cryptocurrencies and fiat and is determined to recover the stolen funds.
