WazirX Hack Aftermath: North Korean Hackers Suspected of Stealing Funds From Indian Crypto Exchange

Share

WazirX was impacted in a data breach on Thursday, as the company lost funds worth $230 million (roughly Rs. 1,924 crore) to hackers. Over the past 24 hours, analysts and crypto industry executives have identified reasons to believe that this sophisticated breach could have been initiated by North Korean hackers, possibly linked to the infamous Lazarus Group. In a conversation with Gadgets360, Polygon’s chief information security officer, Mudit Gupta, said that there was “80 percent” certainty of the involvement of North Korean hackers in the WazirX data breach.

Crypto Industry Offers Advice as WazirX Confirms Stolen Funds

WazirX has confirmed that the hack led to the loss of funds exceeding $230 million (roughly Rs. 1,924 crore). The exchange partnered with Liminal Custody Solutions in February 2023 for assistance in secure crypto storage. In this hack, the hackers managed to get access to two signatures from WazirX and one from Liminal to hack this multi-signature wallet where the stolen funds were being held.

Meanwhile, executives from the crypto industry have offered insights into the WazirX incident, even commenting on the security of the crypto exchange.

Arjun Vijay, the co-founder and COO of Giottus crypto exchange, first said that no exchange should concentrate such a significantly large part of their total value held – in one hot wallet that is always at risk of being violated by malicious actors. His views were echoed by Gaurav Arora, Founder of Spenny, an investment platform.

“If they had capped each wallet at $25 million or even $50 million, we wouldn’t be facing this disaster. This is sheer laziness on WazirX’s part. On Liminal’s part, they should have implemented a security mechanism to block suspicious transactions. Since Liminal is not a dApp, they can have a manual intervention to confirm such big transactions, perhaps via a call or another secure method,” Arora said.

Polygon’s Gupta alleged that WazirX has ‘no security personnel’. “For comparison, Coinbase has over 200 people doing security and compliance,” he told Gadgets360, noting that an in-house security expert can set up procedures and ensure that the best practices are being followed when signing transactions as well as while also verifying everything being signed.

We’ve reached out to WazirX for details about its in-house security arrangements and are awaiting a response from the crypto exchange.

WazirX Hack: How Hackers Stole Funds From the Crypto Firm

In a statement shared with Gadgets360, WazirX detailed how the incident unfolded on Thursday. “A cyber attack occurred in one of our multisig wallets, which was operated utilising Liminal’s digital asset custody and wallet infrastructure. The wallet had six signatories—five from our WazirX team and one from Liminal. During the cyber attack, there was a mismatch between the information displayed on Liminal’s interface and what was actually signed. We suspect the payload was replaced to transfer wallet control to an attacker,” the WazirX team said.

The Mumbai-based exchange said this incident happened despite it having deployed security features including the Gnosis Safe multisig smart contract platform and Liminal’s whitelisting policy. The withdrawal and deposit services on the platform remain halted on WazirX after the exchange paused them on Thursday.

“This is a force majeure event beyond our control, but we are leaving no stone unturned to locate and recover the funds. We have already blocked a few deposits and reached out to concerned wallets for recovery,” the exchange said on Friday in a post on X (formerly Twitter).