Indian cryptocurrency exchange WazirX has confirmed a major security breach, resulting in the theft of $235 million in cryptocurrency assets.

“A cyber attack occurred in one of our [multi-signature] wallets involving a loss of funds exceeding $235 million,” the company stated. “This wallet was operated using Liminal’s digital asset custody and wallet infrastructure since February 2023.”

The Mumbai-based company explained that the attack originated from a discrepancy between the information displayed on Liminal’s interface and what was actually signed. The payload was altered to transfer wallet control to the attacker.

Liminal, a crypto custody firm, is one of the six signatories on the wallet and is responsible for transaction verifications.

“Our preliminary investigations show that one of the self-custody multi-sig smart contract wallets created outside of the Liminal ecosystem has been compromised,” Liminal posted on X. “It is important to note that all WazirX wallets created on the Liminal platform remain secure and protected. The malicious transactions to the attacker’s addresses occurred outside of the Liminal platform.”

Blockchain analytics firm Elliptic indicated that the attack bears the hallmarks of North Korean threat actors. The attackers swapped the stolen crypto assets for Ether using various decentralized services.

This was echoed by crypto researcher ZachXBT on X, who suggested, “The WazirX hack has the potential markings of a Lazarus Group attack (yet again).”

North Korean-affiliated threat actors have targeted the cryptocurrency sector since at least 2017 to circumvent international sanctions.

Earlier this year, the United Nations announced it was investigating 58 suspected intrusions by nation-state actors between 2017 and 2023, resulting in $3 billion in illegal revenues used to advance North Korea’s nuclear weapons program.
The disclosure comes amid a coordinated law enforcement operation codenamed Spincaster, which targeted scam networks profiting from approval phishing. This tactic involves stealing funds through fake crypto apps and romance scams (aka pig butchering). An estimated $2.7 billion has been stolen using this method since May 2021.

“With the approval phishing technique, the scammer tricks the user into signing a malicious blockchain transaction that gives the scammer’s address approval to spend specific tokens inside the victim’s wallet, allowing the scammer to drain the victim’s address of those tokens at will,” Chainalysis explained.
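A pre-signing check for the approval-phishing pattern Chainalysis describes, which also covers the displayed-versus-signed gap mentioned earlier: it decodes the raw calldata and compares it with what the interface showed. This is an added example, not code from WazirX, Liminal or Chainalysis, and it does not reproduce the WazirX payload, which the article does not detail. The function names, the `displayed` dictionary and the sample addresses are assumptions made for illustration; the selectors are the standard ERC-20/ERC-721 ones.

```python
# Selectors: first 4 bytes of keccak256 of the standard ERC-20/ERC-721 signatures.
SELECTORS = {
    "095ea7b3": ("approve", "uint256"),
    "39509351": ("increaseAllowance", "uint256"),
    "a22cb465": ("setApprovalForAll", "bool"),
    "a9059cbb": ("transfer", "uint256"),
}
APPROVALS = {"approve", "increaseAllowance", "setApprovalForAll"}
MAX_UINT256 = 2**256 - 1


def decode_call(calldata_hex):
    """Decode a 4-byte selector plus two 32-byte ABI words; None if unrecognised."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    try:
        data = bytes.fromhex(raw)
    except ValueError:
        return None
    if len(data) != 68 or data[:4].hex() not in SELECTORS:
        return None
    name, kind = SELECTORS[data[:4].hex()]
    if any(data[4:16]):  # an ABI address is left-padded with 12 zero bytes
        return None
    value = int.from_bytes(data[36:68], "big")
    return {"function": name, "party": "0x" + data[16:36].hex(),
            "value": bool(value) if kind == "bool" else value}


def review(calldata_hex, displayed):
    """Compare what the signing UI displayed with what the payload would do."""
    call = decode_call(calldata_hex)
    if call is None:
        return ["BLOCK: payload cannot be decoded, refuse to sign blind"]
    findings = []
    if call["function"] != displayed["function"]:
        findings.append(f"MISMATCH: UI shows {displayed['function']}, payload is {call['function']}")
    if call["party"] != displayed["party"].lower():
        findings.append(f"MISMATCH: payload counterparty is {call['party']}")
    # A zero amount or a False flag revokes rights, so only non-zero values are flagged.
    if call["function"] in APPROVALS and call["value"]:
        findings.append(f"APPROVAL: {call['party']} gains spending rights")
        if call["value"] is True or call["value"] == MAX_UINT256:
            findings.append("UNLIMITED: allowance is not capped")
    return findings

# Constructed sample: UI claims a transfer to 0xcd..cd; payload is an unlimited approve to 0xab..ab.
SAMPLE_PAYLOAD = "0x095ea7b3" + "00" * 12 + "ab" * 20 + "ff" * 32
SAMPLE_DISPLAYED = {"function": "transfer", "party": "0x" + "cd" * 20}
if __name__ == "__main__":
    print("\n".join(review(SAMPLE_PAYLOAD, SAMPLE_DISPLAYED)))
```

An empty result means the payload matches what was displayed and grants no spending rights; any finding is a reason to stop before signing.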