Elliptic Reports North Korean Hackers Behind $235M WazirX Cyber Heist


TL;DR

  • WazirX Cyber Attack: Indian cryptocurrency exchange WazirX suffered a major cyber attack, resulting in the loss of approximately $235 million in digital assets. The breach targeted WazirX’s multi-signature wallets.
  • North Korean Hackers Involved: Blockchain analytics firm Elliptic linked the theft to hackers with ties to North Korea. ZachXBT’s analysis also suggests the attack bears similarities to Lazarus Group tactics.
  • Laundering and Ethereum Accumulation: The stolen assets were laundered through a mixing service called Tornado Cash. The hackers further obscured their tracks by swapping stolen crypto assets for Ethereum on decentralized exchanges (DEXs).

WazirX, a popular cryptocurrency exchange in India, was hit by a major cyber attack that led to the disappearance of around $235 million worth of digital assets. The breach, which occurred on Thursday morning, specifically targeted the exchange’s multi-signature wallets.

Blockchain analytics firm Elliptic, in its latest report, has linked the theft to hackers with ties to North Korea. This assessment aligns with ZachXBT’s recent post on X, which suggests that the “WazirX hack has the potential markings of a Lazarus Group attack.” The incident marks one of the largest cryptocurrency thefts associated with the nation.

Ongoing Pattern of Attacks

Elliptic emphasizes that this breach is part of an ongoing pattern by North Korean groups targeting major players in the cryptocurrency industry. The stolen funds primarily consisted of various crypto assets, including Ethereum, Shiba Inu, PEPE, MATIC, and Floki.

Tracking the Digital Trail

ZachXBT’s investigation reveals that the stolen assets were moved to another address funded by the mixing service Tornado Cash—a platform commonly used to obscure the origin of crypto funds. As highlighted in previous attacks, laundering stolen assets through such methods is a hallmark of North Korean cybercriminals.

The hackers further complicated tracking by swapping the stolen crypto assets for Ethereum on decentralized exchanges (DEXs). This maneuver helps them avoid detection and increases the difficulty of tracing the funds.

Elliptic’s Response to WazirX’s Attack

Elliptic has recently enhanced its systems to identify and alert on any transactions linked to the compromised addresses. This proactive approach helps customers avoid unintentionally dealing with stolen funds.

ZachXBT found a KYC-linked deposit address that the attacker used to collect funds from the WazirX breach. However, the reliability of this clue hinges on whether the hacker disclosed their true identity while making the deposit. ZachXBT emphasizes, “KYC holds no significance as KYC-verified accounts are readily available for purchase online for under $100.”

Ethereum Accumulation

Despite the breach, market sentiment around Ethereum remains positive ahead of the imminent launch of a spot Ethereum ETF. The WazirX hacker successfully exchanged the stolen altcoins for Ethereum (ETH), amassing a total of 59,097 ETH (equivalent to around $201 million). Notably, only 15,298 ETH ($52 million) came directly from the exchange breach, while the remaining 43,799 ETH ($149 million) was obtained by liquidating various assets.

In detail, the hacker liquidated 5.43 trillion SHIB ($90.2 million), 20.5 million MATIC ($10.2 million), and 640.27 billion PEPE ($7.48 million). The situation highlights the ongoing challenges in securing cryptocurrency exchanges and the need for robust security measures to protect users’ assets.
