WazirX, a prominent Indian cryptocurrency exchange, recently experienced a significant security breach resulting in the loss of approximately $235 million in crypto assets. North Korean hackers are suspected of being behind the breach. The hackers swiftly moved the stolen assets, which consisted of over 200 different tokens, including substantial amounts of Shiba Inu, Ether, Matic, and Pepe. Elliptic, a blockchain analysis firm, reported on the breach, highlighting the scale and severity of the incident.
The breach was first detected by Cyvers Alert on July 18, 2024, when suspicious transactions involving WazirX’s Safe Multisig wallet on the Ethereum blockchain were identified. The stolen assets, totaling nearly $235 million, were quickly moved to a new address, with each transaction funded through Tornado Cash, a decentralized protocol for private transactions. This breach has severely impacted WazirX’s financial stability, as the exchange’s latest Proof of Reserve report showed total holdings slightly above $502 million.
Elliptic’s analysis has pointed to North Korean hackers as the likely culprits behind the breach, underscoring the sophisticated nature of the attack and the extensive scope of assets compromised. The use of Tornado Cash for laundering stolen crypto has raised concerns within the cryptocurrency industry, with North Korea allegedly laundering over $147.5 million in stolen crypto through the protocol. The incident highlights the ongoing challenges faced by cryptocurrency exchanges in safeguarding digital assets against sophisticated cyber threats.
In response to the hack, Arkham Intelligence announced a bounty for information leading to the identification of the hacker responsible for the breach. The bounty offers rewards for identifying a KYC-linked centralized exchange deposit, revealing the exploiter’s identity, or successful efforts to recover the stolen funds. Prominent blockchain investigator ZachXBT successfully solved the bounty by providing evidence of a KYC-linked deposit address used by the hacker to receive funds from the exploit. This information will aid WazirX in its investigation and recovery efforts.
The hack has significant implications for the Indian crypto community, which is already under pressure from stringent regulations and low trading volumes due to fees imposed on transactions. India’s Financial Intelligence Unit has previously blocked URLs of foreign crypto exchanges for non-compliance with local AML policies. The recent surge in cyber-attacks on crypto platforms, including WazirX, underscores the critical need for enhanced security measures within the industry to safeguard digital assets and protect investors from financial losses. With millions in funds lost in recent attacks, the importance of cybersecurity in the cryptocurrency space cannot be overstated.