WazirX Hack Mystery Deepens: Bounty Offered as Experts Suspect North Korea in $235M Exploit

Earlier today, WazirX, a prominent Indian cryptocurrency exchange, suffered a severe security breach resulting in the loss of approximately $235 million in crypto assets, with suspicions pointing towards North Korean hackers.

Blockchain analysis firm Elliptic reported that the breach encompassed more than 200 different assets, including significant amounts such as $96.7 million worth of Shiba Inu (SHIB), $52.6 million in Ether (ETH), $11 million in Matic (MATIC), and $7.6 million in Pepe (PEPE).

The hacker responsible for the breach has wasted no time in laundering the stolen assets, swiftly converting many of the tokens into Ether using various decentralized services.

Detailed Report of the Breach: $235 Million Drained with Suspected North Korean Involvement

Cyvers Alert first detected suspicious transactions involving WazirX’s Safe Multisig wallet on the Ethereum blockchain on July 18, 2024.

These transactions totaled approximately $234.9 million and were swiftly moved to a new address. Each transaction caller was funded through Tornado Cash, a decentralized protocol for private transactions.

According to Lookonchain data, the stolen assets include over $100 million in Shiba Inu (SHIB), $52 million in Ether (ETH), $11 million in Matic (MATIC), and $6 million in Pepe (PEPE). The hacker’s ongoing efforts to liquidate these assets pose significant concerns.

The latest Proof of Reserve report from WazirX indicated total holdings slightly above $502 million, highlighting the substantial impact of this breach on the exchange’s financial stability.

Elliptic’s analysis pointed to North Korean hackers as the perpetrators behind the breach , revealing the sophisticated nature of the attack and the extensive scope of assets compromised.

The incident underscores the vulnerabilities faced by cryptocurrency exchanges and the ongoing challenges in safeguarding digital assets against sophisticated cyber threats.

The use of Tornado Cash has been a major concern in the Crypto industry. The UN recently revealed that North Korea has laundered over $147.5M in stolen crypto through Tornado Cash .

A recent $305M hack was also traced to the North Korea-backed Lazarus Group, which has been behind major crypto attacks. The UN also investigated a $3B attack linked to them earlier this year .

Bounty Released: A Step Toward Finding the Hacker and Recovering the Funds

In response to the hack, Arkham Intelligence announced a bounty for information leading to the hacker’s identification.

The bounty offers rewards for identifying a KYC-linked centralized exchange deposit, revealing the identity of the exploiter, or successful efforts to return the stolen funds.

Addresses associated with the hacker include:

– 0x6EeDF92Fb92Dd68a270c3205e96DCCc527728066

– 0x04b21735E93Fa3f8df70e2Da89e6922616891a88

– 0x35febC10112302e0d69F35F42cCe85816f8745CA

– 0x90ca792206eD7Ee9bc9da0d0dF981FC5619F91Fd

– 0x361384e2761150170D349924A28d965f0Dd3F092

Prominent blockchain detective ZachXBT successfully solved the Arkham Intelligence bounty by providing definitive evidence of a KYC-linked deposit address used by the hacker to receive funds from the WazirX exploit.

This evidence fulfilled one of the bounty criteria, helping trace the stolen funds and aiding WazirX’s investigation. The information will be shared with the WazirX team so they can assist in the recovery efforts.

The hack has significant implications for the Indian crypto community, which is already under pressure from stringent regulations and low trading volumes due to the 1% TDS on each transaction.

India’s Financial Intelligence Unit (FIU) has previously blocked URLs of several foreign crypto exchanges , including Binance, for non-compliance with local AML policies.

Over three attack incidents have been reported this month only, with millions lost in funds. Recent attacks include Dough Finance’s $1.8 million flash loan attack, Pike Finance’s $1.6 million smart contract attack, and LiFi protocol’s $11.6M attack .

July has seen more hacks, and the ongoing need for security cannot be overemphasized.