Recently, the blockchain security firm Cyvers Alert made a shocking revelation regarding the Indian exchange WazirX. According to their report, WazirX was exploited for approximately $235 million. The firm detected multiple suspicious transactions involving WazirX’s Safe Multisig wallet on the ETH network, resulting in a total of $234.9 million being moved to a new address. Each transaction’s caller was funded by Tornado Cash, raising serious concerns about the security of the exchange.
The Stolen Assets
Blockchain analyst Lookonchain provided further details on the stolen assets, which included a significant amount of various cryptocurrencies. The stolen assets included 5.43 trillion SHIB tokens valued at $102 million, 15,298 ETH worth $52.5 million, 20.5 million MATIC valued at $11.24 million, 640.27 billion $PEPE worth $7.6 million, 5.79 million USDT, and 135 million GALA valued at $3.5 million. The attacker was reportedly selling and converting these assets to ETH, highlighting the sophistication of the cyber attack.
Following the cyber attack, WazirX confirmed the security breach in one of its multisig wallets, leading to the loss of an undisclosed sum. The crypto trading platform assured its users that their team was actively investigating the incident and temporarily paused INR and crypto withdrawals to ensure the safety of assets. This incident has raised serious concerns about the security measures in place at WazirX and other crypto trading platforms.
Ownership Dispute and Allegations
WazirX, one of the largest crypto trading platforms in India, has been embroiled in controversies in the past. Last year, the exchange faced a public dispute over its ownership structure, with conflicting claims from WazirX’s founder, Nischal Shetty, and Binance’s former CEO, Changpeng Zhao. The ownership dispute raised questions about the transparency and accountability of crypto exchanges like WazirX in handling users’ funds and operations.
Cyvers Alert suggested that the North Korea-backed hacker group Lazarus might be involved in the cyber attack on WazirX. Deddy Lavid, the Co-founder & CEO of Cyvers Alert, highlighted the use of TornadoCash in funding the transactions, which resembled methods used in previous high-profile attacks linked to Lazarus Group. While it is too early to definitively establish a connection, the similarities with Lazarus Group’s tactics are a cause for concern in the crypto industry.
Over the years, Lazarus Group has gained notoriety as one of the most prominent hacking groups targeting the crypto industry. Their sophisticated tactics and connections to state-backed entities like North Korea pose a significant threat to the security of crypto exchanges and assets worldwide. The cyber attack on WazirX serves as a stark reminder of the ongoing challenges and vulnerabilities faced by the crypto industry in combating cyber threats.
Leave a Reply