North Korea likely behind takedown of Indian crypto exchange WazirX
Indian crypto exchange WazirX has revealed it lost virtual assets valued at over $230 million after a cyber attack that has since been linked to North Korea.
According to a late Thursday WazirX Xeet, the attack targeted one of its multi-signature wallets – digi-cash lockers that are designed to offer superior security by requiring multiple private keys to authorize a transaction.
WazirX’s transaction verification process requires approval by multiple parties.
The hacked wallet had six signatories – five from WazirX team and one from Liminal. Most transactions on the WazirX platform require approval from three of the company’s signatories, plus final approval from Liminal’s signatory.
We’re told the attack exploited a discrepancy between Liminal’s interface and the actual transaction data. That allowed the attacker to manipulate the gain control of the wallet, bypassing the multi-signature security measures, WazirX explained.
After discovery of the event was made, WazirX halted all crypto withdrawals. The firm revealed that it had already blocked a few deposits and reached out to concerned wallet-owners to assist with recovery.
The crypto exchange has described the incident as a “force majeure” event – a term usually reserved for natural disasters or wars.
“Despite us taking all necessary steps to protect the customer assets, the cyber attackers appear to have possibly breached such security features, and the theft occurred,” claimed WazirX. The exchange asserted it is “leaving no stone unturned to locate and recover the funds.”
Blockchain analytics platform Lookchain thinks it has spotted them. The outfit published a breakdown of which WazirX assets were stolen, and suggested whoever stole them is already looking for buyers.
UK-based blockchain analytics firm Elliptic, which specializes in blockchain analytics for financial crime compliance, noted that the perp has already started swapping a number of stolen tokens for Ether cryptocurrency using a variety of decentralized services.
Elliptic’s perusal of blockchains backing the assets led it to conclude the thieves are affiliated with North Korea.
North Korea has turned to cryptocurrency as a source of funds in the face of international sanctions. The nation is thought to run crypto-stealing operations and to launder the proceeds into instruments it can use to fund its nuclear weapons program and enrich the family of supreme leader Kim Jong Un.
WasirX claims roughly 16 million users and is one of the crypto exchanges in India. It was acquired in 2019 by Binance, although there seems to be some dispute over its ownership – some coming from incarcerated Binance founder “CZ” himself who claims the deal was never signed. WazirX co-founder Nischal Shetty insists it most certainly was.
But being connected to Binance may not have been the best thing for WazirX. The acquirer was suspended from operating in India in December 2023 for violating anti-money laundering rules. It was cleared again to operate last month – subject to a $2.25 million fine.
WasirX has also had its share of trouble with regulatory authorities in India as it had $8.1 million frozen as a part of money laundering investigations in August of 2022.
Legislation to ban or at least rein in cryptocurrency has periodically been presented in India. However, as of mid-2024, the government has yet to finalize its stance on the alterna-cash.
Joanna Cheng, associate general counsel at NYC-based cryptocurrency custody and security firm Fireblocks, told The Register “There is no specific crypto regulation in India so far, and the industry would benefit from clear regulatory expectation on issues like security standards, risk management, and consumer protection. Regulatory intervention in this space would also mean that exchanges that service large numbers of retail customers are held accountable for their actions (or inaction).” ®
READ MORE HERE