The WazirX exploiter continues to move thousands of the stolen assets across new wallets, with part of the latest batch laundered through crypto mixer Tornado Cash.
Blockchain security platform Cyvers recently indexed the transfer of exactly 5,001 Ethereum (ETH) from the exploiter’s address to a new wallet.
On-chain data confirms that this transaction occurred today at 06:53 UTC, resulting in the creation of the recipient address, 0x5…a6a.
Shortly after receiving the 5,000 ETH tokens, the new wallet began laundering them through Tornado Cash in multiple batches of 100 ETH, worth roughly $232,000, each. So far, the address has moved 36 batches, amounting to 3,600 ETH, to the crypto mixer.
As of press time, the laundering scheme is ongoing, with the total amount likely to increase in the coming hours, as data from previous transactions suggest.
This pattern is consistent with the WazirX exploiter’s behavior. After accumulating over 43,800 ETH through multiple transactions following the hack, the primary wallet held the tokens until six days ago, routing funds through new addresses to Tornado Cash.
To date, the exploiter has transferred 20,004 ETH to four different addresses, each receiving 5,001 ETH since Sept. 12. These new wallets typically transfer the entire amount to Tornado Cash in 100 ETH batches, suggesting the most recent address still has 2,601 ETH left to launder.
Meanwhile, another primary wallet tied to the exploiter has also carried out similar transactions, with one of its 5,000 ETH transfers identified in a report on Sept. 5.
Recall that the WazirX hack, which occurred in July, saw the leading Indian exchange lose over $230 million in several crypto assets, siphoned from its multi-sig wallet. Shortly after, the hacker began converting the assets for Ethereum.
The exchange blamed the hack on a vulnerability from its custody provider Liminal Custody. However, the crypto custodian denied these speculations. Interestingly, an audit from Grant Thornton recently found that the exploit occurred outside Liminal.
Amid the ongoing laundering scheme, an X account dedicated to seeking justice for affected WazirX users asserted that the hack could have also involved an insider, citing on-chain data and reports filed with the police in Delhi.
