WazirX hack sees $200m in crypto swapped for ETH to thwart blocking

The stolen funds from the attack on the Indian cryptocurrency exchange WazirX on July 18 are being exchanged for Ether (ETH).

Data from on-chain tracker SpotOnChain shows that the attacker converted more than $200 million of the siphoned assets into ETH. At press time, the blacklisted wallet held 59,097 ETH.

15,298 ETH was stolen directly from WazirX’s multi-signature wallet, along with 200 other crypto assets, including $102 million worth of SHIB, $11.25 million worth of MATIC, $7.6 million worth of PEPE, $7.79 million worth of USDT, and $3.5 million worth of GALA.

Most of these assets were exchanged for ETH, and the wallet currently holds around $11 million worth of altcoins such as Chromia (CHR), Celer Network (CELR), Frontier (FRONT), and Ooki (OOKI) tokens.

Meanwhile, blockchain analytics firm Lookonchain highlighted that the hacker deposited 7.7 million DENT tokens into the Binance address, adding that the wallet “had not been used before.”

Rivo co-founder Lakov Levin told crypto.news that the hacker converted ERC-20 tokens to Ether due to its high liquidity. He also emphasized that “it is not possible to block ETH like stablecoins.”

ERC-20 tokens have a contract functionality that allows contract owners to maintain a list of addresses that are prohibited from participating in token transactions. This is typically implemented using a mapping structure in the smart contract that checks the blacklist before executing transfers, thus preventing any interaction with blacklisted addresses.

In contrast, ETH lacks this feature as it runs on the underlying Ethereum protocol, which does not allow address permissions to be changed.

Akhsay Nassa, co-founder of Chimp DEX, shared a similar view, saying that the attacker wanted to prevent funds from being frozen by the authorities.

“With a large, active market, ETH enables fast and fair trading. Moreover, numerous cross-chain bridges and exchanges enable easy movement between blockchains, further obscuring the trail,” he added.

The attack was the result of an exploitation of the exchange’s wallet management system, which included inconsistencies in the data displayed for Liminal, the exchange’s digital asset storage and wallet infrastructure provider.

“We suspect that the payload was modified to transfer wallet control to an attacker,” the WazirX team said in a statement regarding the incident.

Meanwhile, crypto sleuth ZachXBT suggested that North Korea’s Lazarus group may have been involved, while blockchain analytics firm Elliptic came to a similar conclusion.

WazirX has stopped both crypto and fiat withdrawals and promised to get the funds back.