Indian cryptocurrency exchange WazirX suffered a significant security breach early Thursday morning, resulting in the loss of over $230 million in user funds as reported by Todayq News. Following this security breach blockchain analysis firm Elliptic has indicated that the attack was likely executed by hackers linked to North Korea and might be Lazarus Group.

Is North Korea behind the WazirX hack?

The stolen funds represent more than 45% of WazirX’s $500 million holdings, as reported in a June 2024, disclosure. Additionally, the exchange’s live proof of reserve site was down for maintenance at the time of reporting, further complicating the situation for users seeking transparency about their assets.

The breach targeted one of the exchange’s multisignature wallets, which require multiple private keys for transaction approval. WazirX confirmed the incident on social media platform X, stating that their team is actively investigating the breach. To protect user assets, the exchange has temporarily paused all INR and crypto withdrawals.

Initially, WazirX identified the compromised wallet’s provider as Liminal, a crypto custody firm, in a follow-up post. However, this post was later deleted after Liminal clarified that the affected wallets were created outside its ecosystem. This raises questions about the security protocols and oversight involved in the management of WazirX’s wallets.

The types of stolen funds vary, with blockchain data tracked by Lookonchain reporting that over $100 million worth of Shiba Inu (SHIB) tokens were withdrawn, making it the most significant loss among the stolen assets. Other major losses include $52 million in Ether (ETH), $11 million in Matic’s MATIC tokens, and $6 million in Pepe (PEPE) tokens.

Update:#WazirX has ~$230M in assets stolen. Including:5.43T $SHIB($102M)15,298 $ETH($52.5M)20.5M $MATIC($11.24M)640.27B $PEPE($7.6M)5.79M $USDT135M $GALA($3.5M)…Please note that the hacker is selling these assets!https://t.co/1uOozAVeM1 https://t.co/ogtVSFITK9 pic.twitter.com/3vPmxqXwbL

— Lookonchain (@lookonchain) July 18, 2024

Transactional data reveals that the attacker is actively liquidating the stolen assets using the on-chain exchange Uniswap. So far, the exploiter has yet to sell their ETH holdings and still possesses over $4.2 million in FLOKI tokens. The rapid liquidation of these assets could have broader implications for market stability, particularly for the tokens involved.

Silence of Indian regulatory bodies

The Indian Financial Ministry has not commented on the attack or its potential impact on the country’s crypto ecosystem. This silence from regulatory bodies highlights the challenges and risks associated with the relatively nascent and unregulated crypto market in India. 

According to data from coinmarketcap, WazirX managed $2.2 million in trading volumes over the past 24 hours, primarily in Tether (USDT) stablecoins and XRP. This activity highlights the continued demand for crypto trading services despite the security breach.

This security breach highlights the urgent need for robust security measures and regulatory frameworks to protect users in the crypto industry. As WazirX works to address the breach and secure its platform, the incident serves as a stark reminder of the vulnerabilities that still exist in the world of digital currencies.