Global News
WazirX’s $230M hack post-mortem: How did North Korea’s Lazarus pull it off?
Posted:
contributor
- Latest hack has crippled the India-based crypto exchange to the tune of over $230M
- Recovery efforts are underway right now, with the culprits identified too
WazirX, a prominent Indian cryptocurrency exchange, temporarily halted withdrawals yesterday following the theft of tokens worth $230 million. Within 24 hours, however, it would seem that the culprits have finally been identified.
According to a report by blockchain analytics firm Elliptic, the notorious North Korean hacking group, Lazarus, is behind this major heist.
North Korea’s shadow
The Lazarus Group, known for its sophisticated cyber-attacks, has been linked to several high-profile cryptocurrency thefts in the past. They have a notorious reputation for targeting financial institutions and cryptocurrency exchanges, using advanced techniques to infiltrate and exploit vulnerabilities.
The Lazarus Group’s involvement in this theft is part of a broader pattern of cybercrime attributed to the North Korean regime. The group has been implicated in numerous high-profile attacks, including the infamous 2017 WannaCry ransomware attack and several major cryptocurrency heists. Their activities are believed to fund the North Korean government’s operations, circumventing international sanctions.
Elliptic’s report also revealed that soon after the heist,
“… swapped a number of these tokens for Ether using a variety of decentralised services, an expected initial step of a typical laundering process.”
A post-mortem
Originally, $96M in SHIB, $52M in ETH, and $11M in MATIC were stolen from the exchange by these hackers. Their swapping of these tokens into ETH is telling, especially because a Spot ETH ETF is on the cusp of launch in the United States. Many expect it to have a very positive effect on the world’s largest altcoin, pushing its price to a new ATH on the charts.
Source: Elliptic
While a comprehensive investigation report is still awaited from the exchange, Polygon’s Mudit Gupta shared a detailed analysis of how the hack actually transpired.
The exec found that the hackers actually practiced the hack on-chain 9 days ago, before executing it finally. They did so by compromising and draining the exchange’s safe multi-sig, something they did by upgrading it to a malicious version. He added,
“2 out 4 private keys compromised directly and the remaining two were signature phished via a UI/Wallet compromise.”
For its part, WazirX has assured its users that it is working closely with law enforcement agencies and cybersecurity experts to investigate the incident and recover the stolen funds. It’s worth pointing out though that Lazarus Group’s last few attacks haven’t been prosecuted to the fullest. Hence, it might be difficult to do either in the present instance too.
Here, it’s worth pointing out the crypto-investigator ZachXBT did identify a KYC-linked deposit address that was used to funnel funds stolen thanks to the WazirX exploit. While this may be good news on the surface, according to him,
“Yes but KYC means nothing as KYC verified accounts can be easily purchased online for <$100.”
