WazirX reportedly hacked by North Korean hackers

Indian cryptocurrency exchange WazirX was the victim of a security breach on 18th July, 2024. And reports are now coming that this was a North Korean hacker group’s job.

A cyber attack occurred in one of our [multi-signature] wallets involving a loss of funds exceeding $230 million,” the company stated. “This wallet was operated utilizing the services of Liminal’s digital asset custody and wallet infrastructure from February 2023.” The Mumbai-based company explained that the attack was due to a mismatch between the information displayed on Liminal’s interface and what was actually signed. The payload was altered to transfer wallet control to an attacker.

Crypto custody firm Liminal is one of the six signatories on the wallet, responsible for transaction verifications. “Our preliminary investigations show that one of the self-custody multi-sig smart contract wallets created outside of the Liminal ecosystem has been compromised,” Liminal said on X.
They added, “It is also pertinent to note that all WazirX wallets created on the Liminal platform continue to remain secure and protected. Meanwhile, all the malicious transactions to the attacker’s addresses have occurred from outside of the Liminal platform.”

Blockchain analytics firm Elliptic suggested that the attack resembles those conducted by North Korean threat actors, who swapped the stolen crypto assets for Ether using decentralized services. Crypto researcher ZachXBT on X also noted, “the WazirX hack has the potential markings of a Lazarus Group attack (yet again).” North Korean actors have a history of cyber attacks on the cryptocurrency sector since at least 2017 to circumvent international sanctions.

Src: Elliptic

This incident is set against the backdrop of Operation Spincaster, a coordinated law enforcement effort that dismantled scam networks profiting from approval phishing. Chainalysis described this tactic, where scammers trick users into signing a malicious blockchain transaction, enabling the scammer to drain the victim’s wallet of tokens. This method has reportedly stolen $2.7 billion since May 2021.