North Korean Hackers Suspected in $230M Theft from Indian Crypto Exchange WazirX

In a startling revelation, Indian cryptocurrency exchange WazirX announced the loss of digital assets worth approximately $230 million due to a cyberattack believed to be orchestrated by North Korean operatives.

The breach occurred late Thursday and involved a sophisticated assault on a multi-signature wallet—a digital safe that enhances security by necessitating multiple keys for transaction authorization.

How the Cyber Heist Unfolded

The compromised wallet required approvals from six signatories—five from WazirX’s team and one from their security partner, Liminal. Typically, transactions on WazirX demand three internal approvals plus one from Liminal.

However, the attackers exploited inconsistencies between Liminal’s user interface and the transaction data, manipulating the process to gain unauthorized access to the wallet, and effectively bypassing established security protocols.

Following the breach, WazirX promptly suspended all cryptocurrency withdrawals and initiated contact with affected wallet owners to aid in recovery efforts. The company described the incident as a “force majeure” event, often cited in scenarios like natural disasters or wars, indicating the extraordinary nature of the attack.

Following the breach, WazirX has temporarily halted rupee and crypto withdrawals on their platform. The company termed the breach as a "force majeure event" beyond its control.

— Maverick (@maverick_rayz) July 19, 2024

Global Implications and WazirX’s Response

Blockchain analytics firms have been actively tracing the stolen assets. UK-based Elliptic pinpointed the movement of stolen tokens being exchanged for Ethereum through decentralized platforms, suggesting an effort to launder the assets.

The hacker behind the $235 million #WazirX exploit has converted $149M worth of #altcoins in to $ETH.

 Security analysts suggest it was move to avoid the funds getting blacklisted or frozen.

As per #blockchain analytics firm #spotonchain, the hacker converted $90.2M worth of… pic.twitter.com/F1DUqtft2n

— TOBTC (@_TOBTC) July 19, 2024

Analysis of blockchain activity led Elliptic to attribute the theft to North Korean entities, known for using cyber heists to fund state activities under international sanctions.

WazirX, with approximately 16 million users, remains under scrutiny, not just for this incident but also for previous regulatory challenges in India.

Despite being potentially acquired by Binance in 2019—a claim disputed by Binance’s founder—the exchange has faced regulatory hurdles, including a suspension in 2023 for breaching anti-money laundering regulations.

Joanna Cheng from Fireblocks emphasized the lack of specific cryptocurrency regulations in India, advocating for clear standards to ensure exchanges are accountable, particularly those serving a vast retail customer base.

The call for regulation underscores the need for stringent security measures and robust risk management practices in the burgeoning cryptocurrency sector.