KEY POINTS
- WazirX said the exploit was a 'force majeure event beyond our control'
- Most of the stolen assets were in $SHIB, while the rest were in $ETH and other tokens
- Crypto users raised concerns about chances of fund recovery being low if Lazarus was indeed behind the hack
WazirX, a cryptocurrency exchange giant based in India, has been exploited for over $230 million after one of its multisig wallets suffered a security breach that blockchain security firms and experts said appears to have been carried out by North Korea-linked hackers.
WazirX security breach
Multiple blockchain security and analysis firms flagged the exploit that affected user funds Thursday, revealing that most of the cryptocurrencies stolen were in popular memecoin Shiba Inu ($SHIB). WazirX confirmed the attack, publishing preliminary findings of an investigation "to clarify the situation."
Exchange says the attack was beyond its control
WazirX, which describes itself as the largest crypto exchange in India, said it had robust security features and the cyberattack was "a force majeure event beyond our control." It said it will continue to locate and recover the pilfered funds and has reached out to "the best resources to help us in this endeavor."
Hackers dump stolen $SHIB
Leading blockchain analytics firm Arkham Intelligence revealed late Thursday that the $102.1 million in stolen $SHIB "has now been fully sold off by the attacker."
Following news of the dump, the token, which is the Top 2 memecoin on CoinGecko's ranked meme tokens, slumped by over 8%.
A Lazarus Group attack?
Prominent crypto sleuth ZachXBT, who identified the KYC (know your customer) deposit address used by the exploiter to receive the stolen funds, revealed that upon tracing the hacker's movements, he determined that "the WazirX hack has the potential markings of a Lazarus Group attack (yet again)."
Elliptic, another blockchain intelligence firm, said the exploit was a "North Korea-linked breach." It added that more than 200 different digital assets were stolen, including some $52.6 million worth of Ether ($ETH), the native cryptocurrency of the Ethereum blockchain, and around $7.6 million of the $PEPE memecoin.
Elliptic confirmed Arkham's earlier revelation that some of the pilfered assets were already sold off. Some were swapped for $ETH "using a variety of decentralized services, an expected initial step of a typical laundering process."
Who is Lazarus Group?
Lazarus Group is a notorious North Korea-linked hacking group tied to multiple exploits in the crypto space. Within a three-year period, the exploiters are said to have laundered some $200 million in pilfered crypto.
ZachXBT published a lengthy report in April, unveiling the tactics used by Lazarus Group to cover its tracks as it laundered the funds it stole across over 25 hacks carried out between August 2020 and October 2023.
Crypto users react to the massive exploit
Pankaj Tanwar, the founder of the crypto education platform BTC Expert India, said he hopes WazirX can recover the funds. "This mistake will damage crypto in India beyond imagination," he said.
One user questioned why the exchange "keep your 50% fund in a single wallet." WazirX is known to have held some $500 million worth of assets before the exploit, as per prominent Indian crypto figure Aditya Singh. "It's over for you guys. It's Lazarus Group. They have already sold and converted to cash," the user said.
It is unclear whether WazirX is working with law enforcement to help recover the funds.