TLDR
- Indian cryptocurrency exchange WazirX lost over $230 million in a cyberattack on July 18, 2024.
- The attack targeted a multisig wallet using Liminal’s digital asset custody infrastructure.
- A mismatch between displayed information and actual transaction contents led to the breach.
- Blockchain data firm TRM Labs reports that crypto theft more than doubled, from $657 million in the first half of 2023 to $1.38 billion in the first half of 2024.
- Some researchers suggest the attack may be linked to North Korean threat actors.
On July 18, 2024, the Indian cryptocurrency exchange WazirX fell victim to a major cyberattack, resulting in the loss of over $230 million in digital assets.
This incident marks one of the largest cryptocurrency thefts in recent history and highlights the ongoing security challenges faced by digital asset platforms.
WazirX, based in Mumbai, confirmed the attack in a statement, explaining that it targeted one of their multi-signature wallets.
The compromised wallet had used the services of Liminal, a digital asset custody and wallet infrastructure provider, since February 2023.
The exchange described the attack as a “force majeure event” beyond their control. However, they assured users that they are working tirelessly to locate and recover the stolen funds.
WazirX has already blocked some deposits and reached out to concerned wallets for recovery.
🚨ALERT🚨Hey @WazirXIndia, Our system has detected multiple suspicious transactions involving your Safe Multisig wallet on the #ETH network.
A total of $234.9M of your funds have been moved to a new address. Each transaction's caller is funded by @TornadoCash.
The suspicious… pic.twitter.com/4sajAwd4Hb
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) July 18, 2024
The breach appears to have stemmed from a discrepancy between the information displayed on Liminal’s interface and the actual contents of the transaction.
WazirX suspects that during the attack, the transaction payload was replaced, effectively transferring wallet control to the attacker.
Liminal, one of six signatories responsible for transaction verifications on the compromised wallet, stated that their platform was not directly breached.
They clarified that the affected wallet was a self-custody multi-signature smart contract created outside of their ecosystem. Liminal emphasized that all WazirX wallets created on their platform remain secure.
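The mismatch described above, between what the interface displayed and what the transaction actually contained, is the kind of discrepancy an independent pre-signing check is meant to catch. The following is an added example, not code from WazirX, Liminal or the original article: it decodes the raw payload on the signer's side and compares it with the displayed ERC-20 transfer. The payload field names, the restriction to ERC-20 transfers and all addresses and amounts are assumptions constructed for illustration.

```python
# Added example (not WazirX's or Liminal's code). Addresses and amounts are constructed.
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # ERC-20 transfer(address,uint256)

def decode_erc20_transfer(calldata_hex):
    """Return (recipient, amount) if calldata is exactly one ERC-20 transfer, else None."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    try:
        data = bytes.fromhex(raw)
    except ValueError:
        return None
    if len(data) != 68 or data[:4] != TRANSFER_SELECTOR:
        return None
    if any(data[4:16]):  # address sits in the low 20 bytes of its 32-byte word
        return None
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:68], "big")

def check_before_signing(displayed, payload):
    """List every way the payload differs from what the interface displayed.
    Field names (to, value, data, operation) are assumptions; operation 0 = plain call."""
    problems = []
    if payload["operation"] != 0:
        problems.append("operation is not a plain call")
    if payload["to"].lower() != displayed["token"].lower():
        problems.append("call target is not the displayed token contract")
    if payload["value"] != 0:
        problems.append("unexpected native-currency value")
    decoded = decode_erc20_transfer(payload["data"])
    if decoded is None:
        problems.append("calldata is not an ERC-20 transfer")
    else:
        recipient, amount = decoded
        if recipient != displayed["recipient"].lower():
            problems.append("recipient differs from display")
        if amount != displayed["amount"]:
            problems.append("amount differs from display")
    return problems

def build_transfer(recipient, amount):
    """Construct transfer calldata for the sample inputs below."""
    return "0x" + TRANSFER_SELECTOR.hex() + recipient[2:].rjust(64, "0") + format(amount, "064x")

TOKEN, ALICE, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
DISPLAYED = {"token": TOKEN, "recipient": ALICE, "amount": 1000}
MATCHING = {"to": TOKEN, "value": 0, "operation": 0, "data": build_transfer(ALICE, 1000)}
REPLACED = {"to": OTHER, "value": 0, "operation": 1, "data": "0x" + "ab" * 36}

if __name__ == "__main__":
    print(check_before_signing(DISPLAYED, MATCHING))  # []
    print(check_before_signing(DISPLAYED, REPLACED))
```

The check only helps if it runs on a device and code path separate from the interface that rendered the transaction, so that a tampered display cannot also tamper with the comparison.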
This incident occurs against a backdrop of increasing cryptocurrency thefts. Blockchain data firm TRM Labs reported that the amount of cryptocurrency stolen by hackers more than doubled in the past year.
The total rose from $657 million in the first half of 2023 to $1.38 billion in the first half of 2024.
At WazirX, our commitment to transparency and community welfare is paramount. There was a cyber attack on one of our multisig wallets. Below are the preliminary findings to clarify the situation:
» Incident Overview: A cyber attack occurred in one of our multisig wallets…
— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 18, 2024
Some experts have drawn potential connections between this attack and known threat actors. Blockchain analytics firm Elliptic suggested that the attack bears similarities to those carried out by North Korean hackers.
Crypto researcher ZachXBT echoed this sentiment, noting that the WazirX hack “has the potential markings of a Lazarus Group attack.”
North Korean-affiliated threat actors have a history of targeting the cryptocurrency sector since at least 2017. These attacks are believed to be part of efforts to circumvent international sanctions imposed on the country.
The United Nations is currently investigating 58 suspected intrusions between 2017 and 2023 that allegedly netted $3 billion in illegal revenues for North Korea’s nuclear weapons program.
The WazirX incident also comes in the wake of Operation Spincaster, a coordinated law enforcement effort that shut down scam networks profiting from approval phishing.
This tactic, which involves stealing funds through fake crypto apps and romance scams, is estimated to have resulted in the theft of $2.7 billion since May 2021.
As investigations into the WazirX attack continue, the incident serves as a stark reminder of the persistent security risks in the rapidly evolving cryptocurrency landscape. It underscores the need for robust security measures and constant vigilance in the digital asset industry.