- The WazirX hacker has started moving funds to other wallets
- The hacker has moved over $50 million from multiple wallets to two wallets
- His actions come days after the exchange increased the bounty offering to $23 million or 10% of the total funds stolen
The WazirX hacker has been seen moving stolen funds into new wallets in what seems like a consolidation attempt. He has moved Ether (ETH) worth $57 million to two wallets with one of the wallets holding roughly $54 million in ETH according to an analysis by blockchain security firm PeckShield. The transferred funds are a small portion of the $230 million the attacker siphoned from the exchange and the transfer comes a few days after the exchange put a $23 million bounty on the hacker, raising questions about whether he’ll refund the funds or move them to crypto mixing services like Tornado Cash.
WazirX Hacker Also Selling Stolen Crypto
According to PeckShield’s analysis, this is the second time the attacker is moving the stolen funds with the last transfers also going into two wallets. Apart from consolidating the funds, blockchain analytics firm Nansen disclosed that the hacker is also liquidating some of the funds.
#PeckShieldAlert The #WazirX Hacker -labeled addresses has transferred ~16.35K $ETH (worth ~$57m) to 2 new addresses pic.twitter.com/AYqwXYxN15
— PeckShieldAlert (@PeckShieldAlert) July 22, 2024
Some of the stolen tokens that he has offloaded include Uniswap (UNI), Chainlink (LINK) and The Sandbox (SAND) which are worth over $8 million.
The @WazirXIndia Exploiter is back on the move…
In the past hour, they’ve moved 21.16b $BOB ($800k) and some smaller holdings that have also been sold. And a further 6.7m $CHR ($1.6m), was sent to a separate address and was sold a few minutes ago
This is after the… pic.twitter.com/L0zPf8Id0O
— Nansen 🧭 (@nansen_ai) July 22, 2024
WazirX has already launched two bounty programs in an attempt to recover the funds. The first bounty has a maximum reward of $10,000 and is open to people who can help freeze the stolen funds. The second bounty carries a maximum of $23 million and is for those who can help recover the funds.
In response to the recent cyber attack on one of our multisig wallets, we’re announcing a Bounty Program to recover the stolen assets. We invite the community to participate in:
Bounty 1: Track & Freeze — offering rewards up to $10,000 worth of USDT for actionable intelligence… pic.twitter.com/vxNQiZlJwM
— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 21, 2024
Attacker Rehearsed for Over a Week
The hack, speculated to be conducted by North Korean hacking group Lazarus, happened after the attacker compromised the security of the exchange’s multi-sig wallet. Some in the crypto space said that the attackers practiced the hack for over a week.
With the attacker selling some of the crypto and consolidating the other bunch, it’s likely he doesn’t intend to return the funds.
