Mumbai-based WazirX crypto exchange has released its post-mortem report on a “force majeure” incident that allowed a multi-sig wallet hack.
As crypto.news reported earlier on Thursday, WazirX was hacked for $230 million in cryptocurrencies after bad actors compromised UI critical to the platform’s wallet management. The Indian crypto exchange explained that the issue originated from different data displayed on Liminal’s interface, the digital asset custody, and the wallet infrastructure employed by WazirX.
The platform’s multi-sig wallet required three signatures from internal WazirX team members and one final approval from Liminal.
“During the cyber attack, there was a mismatch between the information displayed on Liminal’s interface and what was actually signed. We suspect the payload was replaced to transfer wallet control to an attacker”, the team said via an X post.
The crypto exchange stated it would “leave no stone unturned” regarding recovering stolen funds and locating the perpetrator.
At WazirX, our commitment to transparency and community welfare is paramount. There was a cyber attack on one of our multisig wallets. Below are the preliminary findings to clarify the situation:» Incident Overview: A cyber attack occurred in one of our multisig wallets…
— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 18, 2024
You might also like: Indian exchange WazirX loses $234m in recent exploit
WazirX recovery unlikely
While WazirX seems determined to chase after the hackers, the prime suspect indicates recovery might be impossible. According to Elliptic and crypto sleuth ZachXBT, the hack bears the hallmarks of the notorious North Korean criminal organization Lazarus.
Lazarus is credited with some of crypto’s largest exploits, like Axie Infinity’s $600 million Ronin Bridge and, most recently, the $308 million DMM Bitcoin theft. The syndicate is also the subject of U.S. sanctions over money laundering and terror financing. Funds are hardly ever recovered when Lazarus is involved.
Blockchain data provider Arkham also noted that the hacker had already offloaded nearly half of the loot. Freezing funds worth $102 million may still be possible depending on the sell destination, whether a centralized exchange or otherwise.
UPDATE: The WazirX Hacker is out of SHIB.$102.1M SHIB was stolen this morning from WazirX and has now been fully sold off by the attacker. pic.twitter.com/sjCSZJhdIv
— Arkham (@ArkhamIntel) July 18, 2024
Read more: Polymarket: Kamala Harris overtakes Biden for Dem nominee