WazirX Exchange Releases Post-Mortem Report: Was North Korea Behind The $235M Exploit?

As a researcher with extensive experience in cybersecurity and blockchain technology, I find the WazirX cryptocurrency exchange incident deeply concerning. The unauthorized transfer of over $230 million worth of assets is a significant breach that raises critical questions about the security measures in place at the exchange.


Recently, Indian cryptocurrency exchange WazirX suffered a major security incident, causing the illicit transfer of approximately $230 million worth of assets from user accounts. Consequently, the platform had to momentarily halt withdrawals while they carried out an investigation and implemented measures to contain the breach.

In the latest report from WazirX, initial insights have emerged regarding the reasons behind the exploit. Simultaneously, Elliptic, a renowned blockchain analysis company, has proposed a possible connection to North Korea in this complex hacking incident.

WazirX Multisig Wallet Breach

WazirX revealed that a cyber attack struck one of their multisignature wallets, which has been utilizing Liminal’s digital asset custodial and wallet services since February 2023.

Further details about the wallet in question have since emerged. It is believed to have been set up with a configuration giving six individuals signing authority: five from the WazirX team and one affiliated with Liminal. Together, they were responsible for validating and approving transactions originating from this wallet.

Executing a transaction required approval from three of WazirX’s signatories, each using a Ledger hardware wallet for enhanced security. Liminal’s signatory then gave a final approval before the transaction was executed.

An extra layer of security was ensured through a whitelist policy that permitted transactions exclusively to designated addresses managed by Liminal.

The investigation identified the root cause of the incident as a discrepancy between what Liminal’s interface displayed and the actual contents of the transaction being signed.

During the attack, the exchange detected an inconsistency between the data shown on Liminal’s dashboard and what the signatures had actually authorised. It is believed that the attacker managed to alter the payload, thereby seizing control of the wallet.

North Korean Affiliation In $235M Breach?

WazirX highlighted its strong security protocols, such as the use of the Gnosis Safe multisignature smart contract platform and Liminal’s whitelist policy. Nevertheless, these protective measures were bypassed by the cybercriminals, allowing them to carry out the theft.

The platform reassured customers about the safety of their assets and acknowledged the need for a thorough examination and stronger security measures, concluding with the following statement:

In spite of this being an unforeseen circumstance that lies beyond our grasp, we are leaving no stone untouched in our efforts to trace and retrieve the lost funds. We have initiated steps by freezing certain deposits and contacted relevant wallets for their assistance. We are collaborating with top-tier resources to aid us in this mission. Our preliminary investigation has yielded these results, but we will keep you informed of any new developments. With your cooperation, we will triumph over this obstacle and become more robust and resilient than before.

Elliptic has meanwhile carried out an independent investigation into the exploit. According to its findings, the incident could be linked to North Korea.

Based on Elliptic’s report, around $235 million worth of different cryptocurrencies were stolen in the incident, which included Shiba Inu (SHIB), Ethereum (ETH), Polygon (MATIC), and Pepe.

According to reports, the suspected thief is believed to have converted some of the stolen tokens into Ether through decentralized platforms, a typical step in money laundering schemes. In addition, on-chain analysis of the data examined by Elliptic indicates possible collusion with hackers originating from North Korea.


2024-07-18 22:36