The Indian cryptocurrency exchange WazirX has acknowledged that $230 million worth of bitcoin assets were stolen in a security incident.
The company said in a statement that “a cyber attack occurred in one of our [multi-signature] wallets involving a loss of funds exceeding $230 million.” It added, “This wallet was operated utilising the services of Liminal’s digital asset custody and wallet infrastructure from February 2023.”
The Mumbai-based business said that the attack was caused by a discrepancy between the data that Liminal’s interface showed and the data that was actually signed. It claimed that the payload was changed so that an attacker could take control of the wallet.
One of the six signatories on the wallet is the cryptocurrency custody company Liminal, which is in charge of transaction verifications.
In a series of posts published on X, Liminal stated, “Our preliminary investigations show that one of the self custody multi-sig smart contract wallets created outside of the Liminal ecosystem has been compromised.”
“Furthermore, it is important to remember that every WazirX wallet generated on the Liminal platform is still safe and secure. In the meantime, no malicious transactions have come from within the Liminal platform to the attacker’s addresses.”
The attack has all the hallmarks of North Korean threat actors, according to blockchain analytics company Elliptic, and the attackers have gone on to exchange the stolen cryptocurrency assets for Ether using a variety of decentralised platforms.
Crypto expert ZachXBT on X also confirmed this, stating that “the WazirX hack has the potential markings of a Lazarus Group attack (yet again).”
Threat actors connected to North Korea have been launching cyberattacks against the cryptocurrency industry since at least 2017 in an effort to evade international sanctions placed on the nation.
The UN announced earlier this year that it was looking into 58 alleged intrusions that nation-state actors carried out between 2017 and 2023 and that brought in $3 billion in illicit proceeds to support the advancement of their nuclear weapons program.
The revelation coincides with the conclusion of a concerted law enforcement investigation known as Spincaster, which targeted scam networks profiting illegally from approval phishing, a common strategy in which money is stolen through phoney cryptocurrency apps and romance scams, often known as “pig butchering.” Since May 2021, an estimated $2.7 billion has been stolen using this technique.
“With the approval phishing technique, the scammer tricks the user into signing a malicious blockchain transaction that gives the scammer’s address approval to spend specific tokens inside the victim’s wallet, allowing the scammer to then drain the victim’s address of those tokens at will,” Chainalysis stated.
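The approval that Chainalysis describes is visible in a transaction's calldata before it is signed. The following Python check is an added example, not code from the article or from any company it names: it decodes token-approval calls and flags unlimited grants and spenders outside an allowlist. It assumes the tokens use the common ERC-20/ERC-721 approval functions; the function name, the allowlist parameter and the sample address are constructed for illustration.

```python
# Added example: decode token-approval calldata before a wallet signs it.
# Keys are 4-byte function selectors. approve and setApprovalForAll come from
# the ERC-20/ERC-721 interfaces; increaseAllowance is a widely deployed extension.
APPROVAL_SELECTORS = {
    bytes.fromhex("095ea7b3"): "approve(address,uint256)",
    bytes.fromhex("39509351"): "increaseAllowance(address,uint256)",
    bytes.fromhex("a22cb465"): "setApprovalForAll(address,bool)",
}
MAX_UINT256 = 2**256 - 1


def inspect_calldata(calldata_hex, trusted_spenders=()):
    """Describe an approval call, or return None for any other call.

    Raises ValueError if the calldata is not hex or is malformed.
    """
    text = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    raw = bytes.fromhex(text)
    name = APPROVAL_SELECTORS.get(raw[:4])
    if name is None:
        return None
    if len(raw) < 4 + 64:
        raise ValueError("truncated approval calldata")
    spender_word, value_word = raw[4:36], raw[36:68]
    if any(spender_word[:12]):  # an address is 20 bytes, left-padded to 32
        raise ValueError("malformed address argument")
    spender = "0x" + spender_word[12:].hex()
    value = int.from_bytes(value_word, "big")
    collection_wide = name.startswith("setApprovalForAll") and value != 0
    warnings = []
    if value != 0 and spender not in {s.lower() for s in trusted_spenders}:
        warnings.append("spender not in allowlist")
    if collection_wide or value == MAX_UINT256:
        warnings.append("unlimited allowance")
    return {"function": name, "spender": spender, "value": value,
            "grants": value != 0, "warnings": warnings}


# Constructed sample inputs: the spender address is made up for this example.
SAMPLE_SPENDER = "0x" + "ab" * 20
PADDED_SPENDER = "00" * 12 + "ab" * 20
UNLIMITED_APPROVE = "0x095ea7b3" + PADDED_SPENDER + "ff" * 32
REVOKE_APPROVE = "0x095ea7b3" + PADDED_SPENDER + "00" * 32
PLAIN_TRANSFER = "0xa9059cbb" + PADDED_SPENDER + "00" * 31 + "01"

if __name__ == "__main__":
    for sample in (UNLIMITED_APPROVE, REVOKE_APPROVE, PLAIN_TRANSFER):
        print(inspect_calldata(sample))
```

A signing interface that shows the decoded function, spender and amount next to the raw payload gives the user a chance to notice a grant they did not intend.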
In response to the cyberattack, WazirX has launched a bug bounty program, promising 10% of the recovered funds as a reward for help in uncovering “actionable intelligence” that may result in the freezing of the stolen assets.
Since then, the cryptocurrency exchange has temporarily stopped trading and contacted CERT-In and the Financial Intelligence Unit—India (FIU-IND).