Indian Exchange WazirX Hacked for $230 Million by North Korean Group

WazirX, a prominent Indian crypto exchange, was hacked for $230 million, representing 45% of its AUM (assets under management). 

On-chain analysis reveals the hack was carried out by the infamous North Korean Lazarus group. The hack originated from the exchange’s multisig wallets getting breached. It held 200 kinds of digital assets, including SHIB, ETH, USDT, MATIC, PEPE, and more.

WazirX took to X to announce the unfortunate hack, “We’re aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident.” 

Update: We're aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused. Thank you for your patience and understanding.…

— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 18, 2024

The exchange has paused withdrawals until further notice, “To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused.”

Blockchain investigation firm Elliptic connected the hack to North Korean origins, “On-chain analysis and other information reviewed by Elliptic indicates that this hack was perpetrated by hackers affiliated with North Korea.” 

ZachXBT, an independent blockchain investigator, shared the same belief, stating on X, “All I can say is the WazirX hack has the potential markings of a Lazarus Group attack (yet again).”

6/ This is where my tracing ends as the BTC appears to come from an unknown service making it difficult to trace.

All I can say is the WazirX hack has the potential markings of a Lazarus Group attack (yet again)

Hopefully the WazirX team will be transparent with their… https://t.co/IjzlI76TRQ

— ZachXBT (@zachxbt) July 18, 2024

Tarun Mangukiya, the co-founder of Copperx, mentioned that WazirX had probably signed a transaction on a phishing contract, leading to the North Korean hackers accessing its multisig wallet.

“@WazirXIndia upgraded Safe Implementation Skeleton with phishing one (in last 8 days).” 

Questions arise about how numerous people in the WazirX team signed a transaction that let hackers commit a phishing attack. Multisig wallets are often considered highly secure because multiple participants sign transactions.

Lazarus Group, by committing this hack, adds another high-profile attack to its portfolio. It has wreaked havoc in the crypto space since 2017 and conducted other well-known hacks as early as 2010. 

The North Korean outfit was also responsible for the Ronin bridge hack, resulting in losses of $650 million.