🔥North Korean hackers responsible for $235 million theft from Indian crypto exchange WazirX, says Cyfirma
More than a week after $230 million was stolen from the Indian crypto exchange WazirX, it has been identified that the North Korean hacker group Lazarus Group was behind this massive theft.
According to Cyfirma, the state-sponsored attack is linked to North Korea's Reconnaissance General Bureau (RGB), a primary intelligence service. CYFIRMA’s researchers' analysis revealed that close to $235 million in crypto assets were lost due to the breach.
This included over 200 different assets, such as approximately $96.7 million of Shiba Inu, $52.6 million of Ether, $11 million of Matic, and $7.6 million of Pepe.
The threat actor has already swapped a number of these tokens for Ether using a variety of decentralized services, an expected initial step in a typical laundering process, the firm said.
The attacks were carried out by two subgroups of the Lazarus Group, namely APT38 and Blue Noroff. Lazarus mainly targets crypto exchanges and financial institutions worldwide.
APT38 primarily focuses on financial crimes, including attacks on banks and cryptocurrency exchanges. They are known for orchestrating large-scale heists and have been linked to several high-profile attacks on Asian financial institutions and crypto exchanges.
APT38 uses sophisticated techniques such as custom malware, spear-phishing campaigns, and exploiting software vulnerabilities to infiltrate and steal funds. BlueNoroff is focused on targeting financial institutions and cryptocurrency exchanges.
Cyfirma said the group has been implicated in various attacks on crypto exchanges in Asia, employing tactics such as phishing, malware deployment, and social engineering to compromise their targets.
In 2017 and 2018, Bithumb, one of South Korea's largest cryptocurrency exchanges, suffered multiple hacks attributed to Lazarus Group, resulting in millions of dollars in stolen cryptocurrency.
In January 2018, Coincheck, a Japanese cryptocurrency exchange, was hacked
