The North Korea-linked exploiter who targeted WazirX has converted the majority of the $230 million in stolen user assets into ether, totaling $200 million.
The exploit significantly impacted WazirX's liquidity and listed token prices, with the exchange's WRX token plunging 40% in the past 24 hours.
WazirX blamed a mismatch between a digital interface and a major crypto wallet for triggering the exploit, despite having five signers from the exchange on a wallet that stored user assets.
The North Korea-linked exploiter that drained $230 million from Indian crypto exchange WazirX has converted most of the loot to ether (ETH), blockchain tracker Lookonchain said on Friday.
The exploiter holds over 59,097 ETH as of Friday morning, worth $200 million at current prices, and another $15 million in various alternative tokens.
Hackers generally convert tokens to ether to use mixing services, such as Tornado Cash, which mask transactional activity and make it easier to launder money.
As of Friday morning, almost all tokens listed on WazirX traded at steep discounts to their global and local prices, a sign of poor liquidity and immense selling pressure.
The bitcoin/rupee-denominated trading pair was down 22% in the past 24 hours, compared to other local bourses such as CoinDCX and Zebpay where prices were down 2%. The shiba inu/rupee pair is down 30%.
WazirX’s own WRX token is down 40% in the past 24 hours. Meanwhile, trading volumes on the exchange rose to $8 million in the past 24 hours compared to $2.2 million on Wednesday.
WazirX was hit by a security breach in one of its multisig wallets on Thursday, causing over $100 million in shiba inu (SHIB) and $52 million in ether, among other assets, to be drained from the exchange. The stolen funds accounted for over 45% of the total reserves cited by the exchange in a June 2024 report – effectively dampening hopes of a recovery among users.
Why did you keep your 50% fund in a single wallet? It’s over for you guys. It’s Lazarus group. They have already sold and converted to cash. They leave no mistakes.
— Rayan Hassan (@rayanhassan96) July 18, 2024
WazirX blamed a “mismatch” between a digital interface and a major crypto wallet for eventually triggering the exploit, despite having five signers from WazirX on a wallet that stored user assets.
“During the cyber attack, there was a mismatch between the information displayed on Liminal's interface and what was actually signed,” the exchange explained in a post. “We suspect the payload was replaced to transfer wallet control to an attacker.”
Some in the Indian crypto community, however, expressed distrust over that explanation.
“6 people there, need 4 to verify still hacked and blame game,” said Pankaj Tanwar, a popular crypto YouTuber, on X. “This mistake will damage #Crypto in India beyond imagination.”
“How is this good security? What kind of compliance is going on exchanges?,” said @studybitcoin21, who runs a Bitcoin podcast.
Crypto and fiat withdrawals from WazirX are temporarily paused.