- WazirX loses $235M in crypto to North Korean-affiliated Lazarus Group hack.
- In a recent investigation, ZachXBT reveals laundering tactics used in the WazirX heist.
- Elliptic flags addresses linked to WazirX hack, cites North Korean involvement.
In one of the largest cryptocurrency heists this year, the Indian cryptocurrency exchange WazirX has reportedly lost $235 million (approximately 2,000 crore INR) in various digital assets, following a sophisticated breach linked to the North Korean-affiliated Lazarus Group.
According to Elliptic Research, the hack resulted in significant losses across multiple cryptocurrencies, with Shiba Inu (SHIB) experiencing the highest loss at $96.7 million. Ethereum (ETH) followed with $52.6 million in losses, while Polygon (MATIC) and PepeCoin (PEPE) saw losses of $11 million and $7.6 million, respectively. Tether (USDT) and Floki Inu (FLOKI) were also impacted, losing $5.7 million and $4.7 million. Other assets accounted for an additional $56.7 million in losses.
Investigative Insights from ZachXBT
Renowned crypto investigator ZachXBT provided a detailed transactional trail via his Twitter thread, illustrating the laundering tactics used by the attackers. The initial exploitation involved siphoning funds from a compromised multisig wallet at WazirX.
The stolen Ethereum was then laundered through Tornado Cash to obfuscate the origins of the funds. Further transactions revealed the funds moving through multiple wallets, with significant sums converted to other cryptocurrencies, including Bitcoin.
ZachXBT noted that the methods and scale of the operation bore the hallmarks of the Lazarus Group, which is known for laundering stolen assets in exactly this way. His investigation hit a roadblock when the funds were transferred to an unknown Bitcoin service, effectively ending the on-chain traceable path of the stolen funds.
ZachXBT also solved the “Arkham bounty” by identifying a KYC exchange deposit made by the hacker. He pointed out that KYC is ineffective as a standalone security control, since already-verified accounts can simply be bought.
Elliptic’s Preventative Measures
Elliptic has been pivotal in analyzing the breach, providing on-chain analysis that supports the hypothesis of North Korean involvement. The address linked to the theft has been flagged in Elliptic’s system, alerting clients about potential interactions with the stolen funds.
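The trail described above (theft from the multisig, a mixer deposit, a chain of hop wallets, and a final transfer into an opaque service) and the address flagging that Elliptic performs can both be illustrated with a small taint-propagation routine. The following is an added example, not code from the article, from Elliptic, or from ZachXBT. It uses the "haircut" method: when an address that holds a mix of stolen and clean funds sends money, the tainted portion moves pro rata, which is what makes a mixer pool dilute rather than erase the trail. Every address label, balance and transfer in the ledger is constructed for the example; none is a real address or a real transaction.

```python
"""Added example (not part of the original article): pro-rata ("haircut") taint
propagation over a constructed transaction ledger, followed by address flagging.
All labels, balances and amounts below are made up for illustration."""
from collections import defaultdict

# Constructed ledger: (sender, receiver, amount) in chronological order, in one
# arbitrary unit. "mixer" stands in for a Tornado Cash style pool, and
# "unknown_btc_service" for a custodial service whose internal ledger is not visible.
LEDGER = [
    ("wazirx_multisig", "attacker_1", 100.0),       # theft from the multisig
    ("attacker_1", "mixer", 60.0),                  # part of the loot into a mixer
    ("attacker_1", "hop_a", 40.0),                  # rest through hop wallets
    ("clean_user", "mixer", 60.0),                  # unrelated deposit into the same pool
    ("mixer", "fresh_1", 60.0),                     # withdrawals are pooled: taint is diluted
    ("mixer", "fresh_2", 60.0),
    ("hop_a", "hop_b", 40.0),
    ("hop_b", "kyc_exchange_deposit", 40.0),        # deposit at a KYC exchange
    ("fresh_1", "unknown_btc_service", 60.0),       # trail ends at an opaque service
]
INITIAL_BALANCES = {"wazirx_multisig": 100.0, "clean_user": 60.0}  # constructed
SEEDS = {"wazirx_multisig"}          # addresses whose holdings are the stolen funds
SINKS = {"unknown_btc_service"}      # services where on-chain tracing stops


def propagate_taint(ledger, initial_balances, seeds, sinks):
    """Walk the ledger once, moving taint pro rata with each transfer.

    Returns (exposure, lost): exposure maps each address to the cumulative tainted
    value it ever received; lost lists tainted transfers into opaque sinks.
    """
    balance = defaultdict(float, initial_balances)
    taint = defaultdict(float, {a: initial_balances[a] for a in seeds})
    exposure = defaultdict(float)
    lost = []
    for sender, receiver, amount in ledger:
        # A ledger that overdraws an address is corrupt; fail loudly rather than
        # divide by zero or silently invent funds.
        if amount <= 0 or amount > balance[sender] + 1e-9:
            raise ValueError(f"bad transfer {sender}->{receiver} {amount}")
        share = taint[sender] / balance[sender]   # fraction of sender's funds that is tainted
        moved = amount * share
        balance[sender] -= amount
        taint[sender] -= moved
        balance[receiver] += amount
        taint[receiver] += moved
        if moved > 0:
            exposure[receiver] += moved
            if receiver in sinks:
                lost.append((sender, receiver, moved))
    return dict(exposure), lost


def flagged(exposure, seeds, threshold):
    """Addresses whose cumulative tainted inflow meets the threshold (victim excluded)."""
    return sorted(a for a, v in exposure.items() if v >= threshold and a not in seeds)


if __name__ == "__main__":
    exposure, lost = propagate_taint(LEDGER, INITIAL_BALANCES, SEEDS, SINKS)
    for addr in flagged(exposure, SEEDS, threshold=10.0):
        print(f"flag {addr:24s} tainted inflow {exposure[addr]:.1f}")
    for sender, sink, amount in lost:
        print(f"trace lost: {amount:.1f} tainted from {sender} into {sink}")
```

Note how the mixer halves the taint on each withdrawal because a clean deposit of equal size shares the pool: the exchange-deposit branch stays fully tainted, while the mixer branch carries a fractional score that a flagging system would still surface to clients above a chosen threshold.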
Global Implications and Call for Transparency
ZachXBT highlighted the use of sophisticated methods reminiscent of those employed by the Lazarus Group, urging transparency and cooperation from WazirX. Elliptic’s findings, alongside insights provided by community investigators like ZachXBT, have been crucial in understanding the scale and complexity of the attack.