• WazirX lost $235M in a hack linked to North Korea’s Lazarus Group.

  • Stolen assets include $96.7M in SHIB, $52.6M in ETH, and $11M in MATIC.

  • Hackers employed TornadoCash to launder $234.9M in cryptocurrency transactions.

WazirX, an Indian cryptocurrency exchange platform, has been the target of a hack in which about 1.67 billion in different cryptocurrencies were stolen. Blockchain analytics firm Elliptic said the attack used techniques associated with North Korea’s Lazarus Group, which it noted tends to be highly skilled in its hacks.

Attack Details and Methodology

Preparation for the attack began at least eight days before it was carried out. The threat actors exploited WazirX’s vulnerabilities and modified the multi-signature wallet into a malicious one that enabled them to transfer funds without permission.

Large sums of cryptocurrency were stolen, including $96.7M in Shiba Inu (SHIB), 52.6 million in Ethereum (ETH), $7.6 million in Polygon’s Matic (MATIC), and 11 million in Pepe.

More than $230M of assets have been abnormally transferred from the #WazirX (@WazirXIndia) wallet to the wallet "0x04b2". Currently, wallet "0x04b2" is dumping these assets, and has dumped 640.27B $PEPE ($7.6M). https://t.co/wem0wVk7OH pic.twitter.com/66Poia2qAk

— Lookonchain (@lookonchain) July 18, 2024

Mudit Gupta, the Chief Information Security Officer at Polygon Labs, said the attack is characteristic of the Democratic People’s Republic of Korea (DPRK). The stolen funds are now located in a wallet that contains $72.4 million in assets.

Response and Recovery Efforts

In response to the breach, crypto security firm Arkham announced a bounty of 5000 ARKM coins to incentivize the identification of the hacker or recovery of the stolen funds. ZachXBT, a well-known crypto detective, has already contributed evidence towards identifying the hackers, demonstrating the community’s solidarity in tackling such incidents.

1/ So I began tracing the $230M+ WazirX hack back from the original exploiter address and was able to make some interesting observations. https://t.co/gLHu05sXWZ pic.twitter.com/eFRNdLtACB

— ZachXBT (@zachxbt) July 18, 2024

WazirX paused withdrawals to ensure the safety of user assets and is actively investigating the incident. In a statement, the exchange assured users that their funds were safe, despite the significant breach.

Use of TornadoCash

The hackers used TornadoCash, a privacy tool for cryptocurrencies, to obscure transactions. This tactic mirrors previous hacks associated with Lazarus Group, complicating efforts to trace the funds and identify the involved parties. The compromised wallet has already offloaded 640.27 billion PEPE tokens worth $7.6 million and transferred substantial amounts of other cryptocurrencies.


The post WazirX Cryptocurrency Exchange Loses $235M in Lazarus group-Linked Hack appeared first on Crypto News Land.