North Korean Hackers Reportedly Stole Indian Crypto Exchange Funds
WazirX lost $230 million (Rs. 1,924 crore) after being hacked.
On Thursday, hackers stole $230 million (Rs. 1,924 crore) from WazirX. Analysts and crypto industry executives have found evidence that North Korean hackers, probably from the Lazarus Group, launched this sophisticated intrusion during the previous 24 hours. Polygon’s chief information security officer, Mudit Gupta, told Gadgets360 that North Korean hackers were “80%” responsible for the WazirX data theft.
Crypto Industry Advises After WazirX Confirms Stolen Funds
WazirX revealed that the hack loss exceeded $230 million (Rs. 1,924 crore). In February 2023, the exchange hired Liminal Custody Solutions to protect crypto. The hackers hacked this multi-signature wallet holding the stolen assets by obtaining two WazirX and one Liminal signatures.
Crypto CEOs have commented on the WazirX issue, including its security
Giottus crypto exchange co-founder and COO Arjun Vijay originally stated that no exchange should keep such a large amount of money in one hot wallet, as bad actors can constantly compromise it. Investment platform Spenny founder Gaurav Arora shared his opinions.
“This disaster would have been avoided if they had capped each wallet at $25 million or $50 million. WazirX is lazy. Liminal should have blocked suspicious transactions. Liminal is not a dApp, therefore they may manually confirm large transactions by phone or another safe manner, Arora added.
Polygon’s Gupta said WazirX had ‘no security staff’. “For comparison, Coinbase has over 200 people doing security and compliance,” he told Gadgets360. An in-house security expert can establish protocols and ensure that best practices are followed when signing transactions and verifying all actions.
WazirX Hack: How Hackers Stole Crypto Funds
WazirX told Gadgets360 about the Thursday event. Hackers targeted our multisig wallet, which used Liminal’s digital asset custody and wallet technology. Five WazirX employees and one Liminal employee signed the wallet. During the cyber assault, Liminal’s interface showed information different from what the system signed. WazirX suspects that the attackers altered the payload to gain control of the wallet.
The Mumbai exchange reported this occurred despite using Gnosis Safe multisig smart contract platform and Liminal’s allowlisting policy. The exchange ceased withdrawal and deposit services on WazirX on Thursday.
This is a force majeure incident beyond our control, however we are working hard to find and reclaim the monies. In a Friday post on X (previously Twitter), the exchange stated it had barred a few deposits and contacted concerned wallets for recovery.
CREDIT: Allneedsllc, Gadgets360
READ RELATED POSTS >>