How India’s largest crypto theft of $230m was carried out

The 3 wallets in which the stolen 61,000 Ethereums are stored are on the watchlist, and the agencies will know when they are moved or converted to fiat money

Update: 2024-08-10 05:59 GMT
The thief has parked 61,000 Ethereum in 3 wallets (the current value of one Ethereum is more than ₹2 lakh). Representative image

WazirX, a cryptocurrency exchange in India, last month reported the loss of $230 million (almost ₹2,000 crores) of cryptos from one of its wallets, in what is India’s largest crypto theft. The stolen cryptos belonged to thousands of crypto investors.

The exchange reported the theft to Financial Intelligence Unit, the central cybercrime portal, and the Indian Computer Emergency Response Team. It also filed a police case in Delhi.

Two digital forensics firms that are involved in investigating major cyber and crypto crimes, Pelorus Technology and Crystal Intelligence, explained to NDTV how the theft was carried out.

Cryptos were stolen in 200 transactions on July 18

Crystal Intelligence uses a security tool to monitor crypto transactions on the blockchain in real time. Since WazirX had provided the identity of the wallet from which the theft had occurred, Crystal and other investigators examined the money trail and discovered that the cryptos were stolen in about 200 transactions on July 18.

The WazirX wallet was hacked and different crypto currencies worth about $230 million were transferred to the thief’s wallet.

‘Gas fee’

Prior to the theft, the thief had transferred crypto worth about $1,080 to his wallet from a wallet from Tornado Cash. This was in order to have sufficient money in his wallet to pay the “gas fee” – a fee charged by crypto exchanges for transactions.

Sanjeev Shahi, Country Manager, Crystal Intelligence, explained that Tornado Cash is a “mixing service”, similar to hawala operators who transfer money. The identity of the wallet’s owner is hidden.

The same day that the cryptos were stolen, they were transferred in smaller amounts in about 2,000 transactions to several wallets linked to two exchanges.

Stolen cryptos moved to 3 wallets

Over a period of about 4 days, between July 18 and July 22, about 95 per cent of the stolen cryptos were then transferred to 3 wallets, which do not seem to be linked to any exchange.

The thief however cannot use the cryptos. He has to convert them into “fiat money” – the currency of any country backed by a central bank as legal tender.

The moment the thief enters the real world and converts the cryptos into fiat money, the money will be transferred to his bank account and his identity will be revealed, said Shahi.

Shahi said the thief has parked 61,000 Ethereum in 3 wallets (the current value of one Ethereum is more than ₹2 lakh).

3 wallets with stolen cryptos on watchlist

Both Crystal Intelligence and Pelorus Technologies are keeping these 3 wallets on their watchlist. They say that there has been no movement in the wallets since the theft occurred.

Kaushal Bheda, a director of Pelorus, said his firm was keeping track of the wallets with its software, and will know as soon as the funds are transferred to any other wallet that is linked to terror finance.

But for now, the identity of the thief or thieves remains unknown.

Tags:    

Similar News