Cryptocurrency Theft: WazirX Loses $230 Million Amid Breach
WazirX, an Indian cryptocurrency exchange, has recently confirmed that it was targeted by threat actors who caused a security breach leading to the theft of $230 million in crypto assets. Media reports have confirmed that the attack occurred in one of the exchange’s multi-signature wallets. In this article, we’ll dive deep and uncover the details of this cryptocurrency theft.
WazirX Cryptocurrency Theft Uncovered
As per the information available, the cryptocurrency theft took place in one of the organization's multi-signature wallets, which has used Liminal's digital asset custody and wallet infrastructure since February 2023.
Liminal is one of the six signatories on the wallet and is responsible for verifying transactions. Media reports have cited WazirX stating that the attack originated from a mismatch between the transaction data displayed on Liminal's interface and the transaction contents that were actually signed.
The crypto exchange also stated that this payload was used to transfer control of the wallet to a threat actor. Liminal, commenting on the cryptocurrency theft, has stated that:
“Our preliminary investigations show that one of the self custody multi-sig smart contract wallets created outside of the Liminal ecosystem has been compromised.”
In addition, Liminal further clarified the scope of the cryptocurrency theft by stating that:
“It is also pertinent to note that all WazirX wallets created on the Liminal platform continue to remain secure and protected. Meanwhile, all the malicious transactions to the attacker’s addresses have occurred from outside of the Liminal platform.”
Threat Actors Behind The Crypto Exchange Hack
Elliptic, a blockchain analytics firm, has stated that the WazirX cryptocurrency theft bears the hallmarks of North Korean threat actors. It has also found that the threat actors swapped the stolen assets for Ether using decentralized services.
Furthermore, crypto researcher ZachXBT took to X, formerly known as Twitter, to corroborate the claims made by Elliptic, stating that this cryptocurrency theft shows the markings of the Lazarus group.
It's worth mentioning here that threat actors affiliated with North Korea are known for cyber attacks aimed at cryptocurrency theft, having targeted organizations within this sector since 2017. Recent reports state that their aim in doing so is to bypass the international sanctions imposed on the country.
Suspected Intrusions, Intent, And Techniques
As far as the activities of these threat actors are concerned, the United Nations has investigated 58 suspected intrusions attributed to the group. These activities took place between 2017 and 2023 and are reported to have netted $3 billion, used to advance the nation's nuclear weapons program.
Describing the technique involved, Chainalysis, an American blockchain analysis firm, has stated that:
“With the approval phishing technique, the scammer tricks the user into signing a malicious blockchain transaction that gives the scammer’s address approval to spend specific tokens inside the victim’s wallet, allowing the scammer to then drain the victim’s address of those tokens at will.”
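The two failure modes described above, a custody interface showing one transaction while a different payload is signed, and an "approval phishing" payload that hands a spender the right to drain tokens, are both caught by the same control: each signer independently decodes the raw calldata and diffs it against what the UI claims. The following is an added illustration, not code from the article, WazirX or Liminal; the ERC-20 function selectors are the standard ones, and all addresses and amounts are constructed.

```python
# Added example (not from the article, WazirX or Liminal): decode raw multi-sig
# calldata and diff it against the UI. Addresses and amounts are constructed.
APPROVE = "095ea7b3"   # first 4 bytes of keccak256("approve(address,uint256)")
TRANSFER = "a9059cbb"  # first 4 bytes of keccak256("transfer(address,uint256)")
UINT256_MAX = 2**256 - 1
TREASURY = "0x" + "11" * 20   # constructed: the only allow-listed destination
ATTACKER = "0x" + "de" * 20   # constructed: address the hidden payload targets

def encode_erc20_call(selector, addr, amount):
    """Only used here to construct sample calldata: selector + address word + uint256 word."""
    addr_word = bytes(12) + bytes.fromhex(addr.removeprefix("0x"))
    return "0x" + selector + addr_word.hex() + amount.to_bytes(32, "big").hex()

def decode_erc20_call(calldata_hex):
    """Decode approve/transfer calldata into the fields a signer must verify."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    if len(data) != 4 + 32 + 32:
        return {"fn": "unknown", "reason": "unexpected length %d" % len(data)}
    selector, word1, word2 = data[:4].hex(), data[4:36], data[36:68]
    if word1[:12] != bytes(12):  # ABI left-pads an address with 12 zero bytes
        return {"fn": "unknown", "reason": "malformed address word"}
    addr, amount = "0x" + word1[12:].hex(), int.from_bytes(word2, "big")
    if selector == APPROVE:
        return {"fn": "approve", "spender": addr, "amount": amount}
    if selector == TRANSFER:
        return {"fn": "transfer", "to": addr, "amount": amount}
    return {"fn": "unknown", "reason": "unrecognised selector " + selector}

def review_before_signing(displayed, calldata_hex, allowed):
    """Return reasons to refuse signing; an empty list means the UI matches the bytes."""
    actual = decode_erc20_call(calldata_hex)
    if actual["fn"] == "unknown":
        return ["cannot decode payload: " + actual["reason"]]
    reasons = [f"{k}: UI shows {v!r}, payload has {actual.get(k)!r}"
               for k, v in displayed.items() if actual.get(k) != v]
    if actual["fn"] == "approve":
        if actual["spender"].lower() not in {a.lower() for a in allowed}:
            reasons.append("approval to non-allow-listed spender " + actual["spender"])
        if actual["amount"] == UINT256_MAX:
            reasons.append("unlimited token approval requested")
    return reasons

# Constructed scenario: the UI shows a routine transfer; the bytes grant an approval.
SHOWN = {"fn": "transfer", "to": TREASURY, "amount": 1000 * 10**18}
HONEST = encode_erc20_call(TRANSFER, TREASURY, 1000 * 10**18)
HIDDEN = encode_erc20_call(APPROVE, ATTACKER, UINT256_MAX)

if __name__ == "__main__":
    print("honest:", review_before_signing(SHOWN, HONEST, [TREASURY]))
    print("hidden:", review_before_signing(SHOWN, HIDDEN, [TREASURY]))
```

In a real deployment each co-signer would run this check on its own machine against the bytes it is about to sign, so that a compromised or spoofed interface cannot hide the payload's true effect.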
Cryptocurrency Theft: WazirX Responds
In response to the cryptocurrency theft, WazirX has launched a bug bounty program. The program offers a reward of 10% of any recovered amount, with the aim of surfacing information that helps freeze the stolen assets. WazirX has also temporarily paused trading and has notified the Financial Intelligence Unit—India (FIU-IND) and CERT-In.
Conclusion
In light of the $230 million cryptocurrency theft, WazirX has acted swiftly to improve security. The launch of a bug bounty program, alongside notifying regulatory bodies and pausing trading, demonstrates its commitment to recovering the stolen assets and strengthening protection against future cyber attacks. The incident serves as a reminder of why crypto platforms must adopt proactive cybersecurity measures.
The sources for this piece include articles in The Hacker News and Business Today.