In a devastating blow to the Indian cryptocurrency landscape, WazirX, one of the country’s largest crypto exchanges, has suffered a massive security breach resulting in the loss of approximately $235 million. Blockchain security firm Cyvers Alert reported that the hack involved multiple suspicious transactions from WazirX’s Safe Multisig wallet on the Ethereum network.

Cyvers detailed the incident, stating, “Our system detected multiple suspicious transactions involving Safe Multisig wallet on the ETH network. A total of $234.9M of your funds have been moved to a new address. Each transaction’s caller is funded by Tornado Cash.” This method of obfuscating the source of transactions has previously been linked to high-profile cyberattacks, raising concerns about the potential involvement of North Korean hacker groups.

The Heist

Blockchain analyst Lookonchain identified the stolen assets, which include a staggering array of cryptocurrencies: 5.43 trillion SHIB tokens (worth $102 million), 15,298 ETH (valued at $52.5 million), 20.5 million MATIC (worth $11.24 million), 640.27 billion PEPE (worth $7.6 million), 5.79 million USDT, and 135 million GALA (worth $3.5 million). The attacker has been reportedly converting these assets to ETH, further complicating the recovery process.

Market Impact

Following the breach, WazirX’s native token WRX plummeted by 15% in dollar terms, with a more severe drop of over 25% in rupee terms. SHIB, heavily impacted by the hack, saw a 6% drop in market value in U.S. dollar terms and a 16% decrease in rupee terms as the attacker began liquidating the stolen tokens.

The incident also led to significant discounts on various cryptocurrencies on the WazirX platform, with bitcoin trading at an 11% discount compared to rival exchanges. This panic selling reflects the broader uncertainty and fear among WazirX users.

Response and Investigation

WazirX confirmed the security breach in a post on X, announcing that INR and crypto withdrawals were temporarily paused to ensure the safety of users’ assets. “Our team is actively investigating the incident,” the company stated, without disclosing the exact amount of funds lost.

Suspected North Korean Involvement

Cyvers and blockchain forensics firm Elliptic have both suggested that the hack may be linked to the notorious North Korean Lazarus Group. “The use of TornadoCash to fund the transactions is indicative of methods used in previous high-profile attacks,” said Deddy Lavid, Co-founder & CEO of Cyvers Alert. While it is too early to definitively confirm the group’s involvement, the similarities in tactics are concerning.

Lazarus Group has been a prominent player in the cybercrime arena, especially within the cryptocurrency sector. A Chainalysis report estimates that North Korean hackers have stolen over $3 billion in the past five years, with Lazarus being responsible for a significant portion of these thefts.

Conclusion

The WazirX hack not only underscores the vulnerabilities within the cryptocurrency infrastructure but also highlights the persistent threat posed by sophisticated hacking groups like Lazarus. As investigations continue, the immediate focus for WazirX and the broader crypto community will be on enhancing security measures to prevent such incidents in the future and to recover the stolen assets.