The Business & Technology Network
Helping Business Interpret and Use Technology

WazirX hacked, clues point to North Korea involvement

DATE POSTED: July 19, 2024

The cryptocurrency world has once again been shaken. WazirX, a major Indian crypto exchange, has been hacked and has lost virtual assets valued at over $230 million.

WazirX, which claims to have approximately 16 million users, is one of the largest crypto exchanges in India. The platform has been a key player in the country’s growing cryptocurrency market, facilitating trades and providing a gateway for many Indians to enter the world of digital assets.

However, news of the recent WazirX hack has cast a shadow over its operations and reputation.

So how was WazirX hacked, and what is going on right now? Let us delve into one of the biggest crypto events in India.

How was WazirX hacked?

The WazirX hack targeted a specific multi-signature wallet that was crucial to the exchange’s operations. This wallet had a complex security setup, involving six signatories: five from the WazirX team and one from Liminal, a digital asset custody and wallet infrastructure provider.

The typical transaction process required approval from three of WazirX’s signatories, followed by a final approval from Liminal’s signatory.

According to WazirXIndia on X, the attack exploited a discrepancy between Liminal’s interface and the actual transaction data. This vulnerability allowed the attacker to manipulate and gain control of the wallet, effectively bypassing the multi-signature security measures that were in place.

At WazirX, our commitment to transparency and community welfare is paramount. There was a cyber attack on one of our multisig wallets. Below are the preliminary findings to clarify the situation:

» Incident Overview: A cyber attack occurred in one of our multisig wallets…

— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 18, 2024

The sophistication of this attack suggests that the perpetrators had a deep understanding of the exchange’s security protocols and were able to find a weak point in the system.
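
The approval policy and the interface-versus-payload discrepancy described above can be modelled as a check that what each signatory was shown hashes to the same digest as the payload that was actually signed. This is an added example, not code from WazirX or Liminal; the signer names, transaction fields and the use of a SHA-256 digest in place of real signatures are assumptions.

```python
import hashlib
import json
from dataclasses import dataclass

# Constructed model: signer names and transaction fields are assumptions.
EXCHANGE_SIGNERS = {"wx1", "wx2", "wx3", "wx4", "wx5"}  # five exchange signatories
CUSTODIAN = "custodian"                                 # one custody-provider signatory
EXCHANGE_QUORUM = 3                                     # exchange approvals needed first

def digest(tx: dict) -> str:
    """Hash a canonical encoding so equal transactions give equal digests."""
    blob = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

@dataclass(frozen=True)
class Approval:
    signer: str
    displayed: dict      # what the interface showed this signer
    signed_digest: str   # digest the signer's key actually covered

def check_approvals(payload: dict, approvals: list) -> tuple:
    """Return (ok, reason) for the payload that is about to be executed."""
    want = digest(payload)
    exchange_ok = set()
    for a in approvals:
        if a.signer != CUSTODIAN and a.signer not in EXCHANGE_SIGNERS:
            return False, f"{a.signer}: unknown signer"
        if a.signed_digest != want:
            return False, f"{a.signer}: signature covers a different payload"
        if digest(a.displayed) != want:
            return False, f"{a.signer}: display does not match signed payload"
        if a.signer == CUSTODIAN:
            if len(exchange_ok) < EXCHANGE_QUORUM:
                return False, "custodian approved before exchange quorum"
            return True, "policy satisfied"
        exchange_ok.add(a.signer)  # a set, so repeat approvals count once
    return False, "missing final custodian approval"

# Constructed sample: the interface shows one transfer, the signed payload is another.
SHOWN = {"to": "0xKNOWN_WALLET", "token": "USDT", "amount": 1000}
ACTUAL = {"to": "0xOTHER_ADDRESS", "token": "USDT", "amount": 1000}

def demo():
    order = ("wx1", "wx2", "wx3", CUSTODIAN)
    good = [Approval(s, SHOWN, digest(SHOWN)) for s in order]
    bad = [Approval(s, SHOWN, digest(ACTUAL)) for s in order]
    return check_approvals(SHOWN, good), check_approvals(ACTUAL, bad)
```

The check is only meaningful when it runs somewhere independent of the interface that produced the displayed data, for example on the signing device or in a separate verification service.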

The company has described the WazirX hack as a “force majeure” event, a term typically reserved for unforeseeable circumstances that prevent someone from fulfilling a contract. This classification suggests that WazirX views the attack as something beyond its control and ability to prevent, despite its security measures.

Response and investigation came quickly

In the wake of the WazirX hack, the exchange took immediate action to mitigate further losses and begin the recovery process. WazirX halted all cryptocurrency withdrawals from the platform, a standard procedure in such situations to prevent any additional unauthorized transfers.


The company also revealed that it had blocked several deposits and reached out to affected wallet owners to assist with recovery efforts.

The investigation into the WazirX hack is ongoing, with the exchange working to uncover the full extent of the breach and identify the perpetrators. Blockchain analytics firms have already begun analyzing the movement of the stolen funds.

All fingers point to North Korea

Lookchain, one such platform, has published a breakdown of the stolen assets and suggested that the attackers are already seeking buyers for the pilfered cryptocurrencies.

Elliptic, a UK-based blockchain analytics firm specializing in financial crime compliance, has noted that the perpetrators have started swapping some of the stolen tokens for Ether cryptocurrency using various decentralized services.

More alarmingly, Elliptic’s analysis of the blockchain transactions has led them to conclude that the thieves may be affiliated with North Korea, a nation known for its state-sponsored cryptocurrency hacking operations.

Elliptic suggests North Korean hackers are behind the attack (Image credit)

The involvement of North Korean hackers, if confirmed, would add another layer of complexity to the WazirX hack. North Korea has a history of targeting cryptocurrency exchanges and using stolen funds to finance its nuclear weapons program and enrich its leadership, circumventing international sanctions.

As the investigation continues, WazirX has promised to keep its users and the public informed of any developments. The company has stated that it is “leaving no stone unturned to locate and recover the funds,” and is working with “the best resources” to aid in this effort.

Featured image credit: WazirX