WazirX Hit by $235 Million Hack: North Korean Suspects and Rapid Laundering

July 19, 2024

In a dramatic turn of events, Indian cryptocurrency exchange WazirX has been the victim of a massive security breach, with an estimated $235 million in crypto assets stolen. The breach, which has raised serious concerns, appears to be linked to North Korean hackers.

On July 18, 2024, suspicious transactions involving WazirX’s Safe Multisig wallet were detected by Cyvers Alert on the Ethereum blockchain. The transactions, totaling approximately $234.9 million, were quickly redirected to a new address and funded through Tornado Cash, a decentralized protocol known for privacy-focused transactions.

Details of the Attack:

Blockchain analysis firm Elliptic has identified the stolen assets, which include significant amounts of Shiba Inu (SHIB), Ether (ETH), Matic (MATIC), and Pepe (PEPE). The breakdown of the stolen assets is as follows:

Shiba Inu (SHIB): $96.7 million
Ether (ETH): $52.6 million
Matic (MATIC): $11 million
Pepe (PEPE): $7.6 million

The stolen funds have been rapidly laundered, with many tokens converted into Ether via various decentralized services. This quick liquidation underscores the sophisticated nature of the attack and highlights the challenges in tracing and recovering stolen digital assets.

Security Concerns and Response:

The incident has exposed significant vulnerabilities in cryptocurrency exchanges, drawing attention to the ongoing risks in securing digital assets against sophisticated cyber threats. The use of Tornado Cash has been a particular concern, as it has been previously used by North Korean entities to launder stolen crypto. The UN has reported that North Korea laundered over $147.5 million through Tornado Cash, and the Lazarus Group, a North Korea-backed hacking group, has been linked to several major crypto attacks.

In response to the breach, Arkham Intelligence has announced a bounty for information leading to the hacker’s identification and the recovery of the stolen funds. The bounty includes rewards for identifying KYC-linked centralized exchange deposits, revealing the hacker’s identity, or successful recovery efforts. Addresses associated with the hacker have been published.


Prominent blockchain detective ZachXBT has already made progress in solving the bounty, providing definitive evidence of a KYC-linked deposit address used by the hacker. This evidence is expected to assist WazirX in tracing the stolen funds and recovering assets.

Impact on the Indian Crypto Community:

The hack has significant implications for the Indian crypto community, which is already grappling with stringent regulations and low trading volumes due to a 1% TDS on transactions. The Financial Intelligence Unit (FIU) in India has previously blocked URLs of foreign crypto exchanges for non-compliance with local AML policies, adding to the challenges faced by the sector.

July has seen multiple attack incidents, including Dough Finance’s $1.8 million flash loan attack, Pike Finance’s $1.6 million smart contract attack, and LiFi protocol’s $11.6 million breach. The frequency and scale of these attacks underscore the urgent need for enhanced security measures in the cryptocurrency space.

As WazirX and the broader crypto community work to address these challenges, the incident highlights the need for continuous vigilance and improved security protocols to protect digital assets from sophisticated cyber threats.