The recent hack on Indian cryptocurrency exchange WazirX has sent shockwaves through the crypto community, with over $200 million worth of stolen funds being swapped for Ether (ETH) to thwart blocking attempts. According to data from the on-chain tracker SpotOnChain, the attacker has converted a significant portion of the siphoned assets into ETH, with the blacklisted wallet currently holding 59,097 ETH.
The hack, which took place on July 18, saw 15,298 ETH stolen directly from WazirX’s multisig wallet, along with 200 different crypto assets including popular tokens like SHIB, MATIC, PEPE, USDT, and GALA. Most of these assets have been exchanged for ETH, leaving the wallet with just over $11 million worth of altcoins such as Chromia (CHR), Celer Network (CELR), Frontier (FRONT), and Ooki (OOKI) tokens.
Blockchain analytics firm Lookonchain revealed that the hacker also made a deposit of 7.7 million DENT tokens to a Binance address, noting that the wallet had not been used before. Experts believe that the attacker chose to swap ERC-20 tokens for ETH due to its high liquidity and the inability to block ETH like stablecoins.
Lakov Levin, co-founder of Rivo, explained that ERC-20 tokens have a contract function that allows owners to maintain a blacklist of addresses prohibited from participating in token transactions. This feature is not available for ETH, as it operates on the core Ethereum protocol, making it impossible to modify address permissions.
Akhsay Nassa, co-founder of Chimp DEX, echoed this sentiment, stating that the attacker likely chose ETH to prevent the funds from being frozen by authorities. He highlighted ETH’s active market and cross-chain bridges, which enable quick and fair trades while obscuring the trail.
The attack on WazirX was attributed to discrepancies in the exchange’s wallet management system, with suspicions that the payload was replaced to transfer wallet control to the attacker. Speculation has arisen that North Korea’s Lazarus group may have been involved, with blockchain analytics firm Elliptic supporting this theory.
In response to the hack, WazirX has halted withdrawals for both crypto and fiat and has pledged to recover the stolen funds. The incident serves as a stark reminder of the vulnerabilities present in the cryptocurrency space and the importance of robust security measures to protect users’ assets.