Connect with us
Active Currencies 15474
Market Cap $3,315,316,469,688.30
Bitcoin Share 58.04%
24h Market Cap Change $1.41

WazirX’s $230M hack post-mortem: How did North Korea’s Lazarus pull it off?

2min Read

An assessment of one of the year’s biggest crypto-hacks, amounting to over $235M.

WazirX's $230M hack post-mortem: How did North Korea's Lazarus pull it off?

Share this article

  • Latest hack has crippled the India-based crypto exchange to the tune of over $230M
  • Recovery efforts are underway right now, with the culprits identified too 

WazirX, a prominent Indian cryptocurrency exchange, temporarily halted withdrawals yesterday following the theft of tokens worth $230 million. Within 24 hours, however, it would seem that the culprits have finally been identified.

According to a report by blockchain analytics firm Elliptic, the notorious North Korean hacking group, Lazarus, is behind this major heist.

North Korea’s shadow

The Lazarus Group, known for its sophisticated cyber-attacks, has been linked to several high-profile cryptocurrency thefts in the past. They have a notorious reputation for targeting financial institutions and cryptocurrency exchanges, using advanced techniques to infiltrate and exploit vulnerabilities.

The Lazarus Group’s involvement in this theft is part of a broader pattern of cybercrime attributed to the North Korean regime. The group has been implicated in numerous high-profile attacks, including the infamous 2017 WannaCry ransomware attack and several major cryptocurrency heists. Their activities are believed to fund the North Korean government’s operations, circumventing international sanctions.

Elliptic’s report also revealed that soon after the heist,

“… swapped a number of these tokens for Ether using a variety of decentralised services, an expected initial step of a typical laundering process.”

A post-mortem

Originally, $96M in SHIB, $52M in ETH, and $11M in MATIC were stolen from the exchange by these hackers. Their swapping of these tokens into ETH is telling, especially because a Spot ETH ETF is on the cusp of launch in the United States. Many expect it to have a very positive effect on the world’s largest altcoin, pushing its price to a new ATH on the charts.

Source: Elliptic

While a comprehensive investigation report is still awaited from the exchange, Polygon’s Mudit Gupta shared a detailed analysis of how the hack actually transpired.

The exec found that the hackers actually practiced the hack on-chain 9 days ago, before executing it finally. They did so by compromising and draining the exchange’s safe multi-sig, something they did by upgrading it to a malicious version. He added,

“2 out 4 private keys compromised directly and the remaining two were signature phished via a UI/Wallet compromise.”

For its part, WazirX has assured its users that it is working closely with law enforcement agencies and cybersecurity experts to investigate the incident and recover the stolen funds. It’s worth pointing out though that Lazarus Group’s last few attacks haven’t been prosecuted to the fullest. Hence, it might be difficult to do either in the present instance too.

Here, it’s worth pointing out the crypto-investigator ZachXBT did identify a KYC-linked deposit address that was used to funnel funds stolen thanks to the WazirX exploit. While this may be good news on the surface, according to him,
“Yes but KYC means nothing as KYC verified accounts can be easily purchased online for <$100.”

Share

AMBCrypto Team is constituted by a vastly experienced team of professional journalists and analysts. Each one of us is driven to deliver the most important, the most insightful stories and analyses of the day. Whether you're a casual enthusiast or a trader or an investor, we make sure you get the most objective, accurate, and time-sensitive story at your fingertips.
Read the best crypto stories of the day in less than 5 minutes
Subscribe to get it daily in your inbox.
Please check the format of your first name and/or email address.

Thank you for subscribing to Unhashed.