Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million in cryptocurrency assets.
“A cyberattack occurred in one of our wallets (multi-signatures) involving a loss of funds exceeding $230 million,” the company said in a statement. “This wallet was operated using Liminal’s digital asset custody services and wallet infrastructure starting in February 2023.”
The Mumbai-based company said the attack resulted from a mismatch between the information displayed on Liminal’s interface and what was actually signed. It said the payload was replaced to transfer control of the wallet to an attacker.
Cryptocurrency custody firm Liminal is one of six signatories to the wallet and is responsible for verifying transactions.
“Our preliminary investigations show that one of the standalone multi-signature smart contract wallets created outside of the Liminal ecosystem has been compromised,” Liminal said in a series of posts shared on X.
“It is also relevant to note that all WazirX wallets created on the Liminal platform continue to remain secure and protected. Meanwhile, all malicious transactions to the attackers’ addresses took place outside of the Liminal platform.”
Blockchain analysis company Elliptic said the attack has all the hallmarks of North Korean threat actors and that the attackers chose to exchange the crypto assets for Ether using various decentralized services.
This was also reiterated by crypto researcher ZachXBT, who said, “The WazirX hack has the potential hallmarks of a Lazarus Group attack (again).”
Threat actors affiliated with North Korea have a history of orchestrating cyberattacks targeting the cryptocurrency sector since at least 2017 in order to circumvent international sanctions imposed against the country.
Earlier this year, the United Nations said it was investigating 58 alleged intrusions carried out by state actors between 2017 and 2023, which brought in $3 billion in illegal revenue to help them advance their nuclear weapons program.
The disclosure comes against the backdrop of a coordinated law enforcement operation called Spincaster that shut down fraudulent networks making illicit profits through approval phishing, a popular tactic in which funds are stolen through fake crypto apps and romance scams (i.e., pig butchering). It is estimated that nearly $2.7 billion has been stolen using this method since May 2021.
“With the approval phishing technique, the scammer tricks the user into signing a malicious blockchain transaction that gives the scammer’s address permission to spend specific tokens in the victim’s wallet, allowing the scammer to drain the victim’s address of these tokens at will,” Chainalysis said.
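Both the display-versus-signed mismatch WazirX describes and approval phishing depend on a signer approving a payload they have not read. The following pre-signing check is an added example, not code from the article or from any company named in it: it decodes the raw calldata of a token call and compares it with the action the interface claims to show. The function names, the trusted-spender list and the sample payload are assumptions constructed for illustration.

```python
# Added example: decode token calldata before signing and compare it with what
# the interface displayed. Addresses and payloads below are constructed.
SELECTORS = {  # standard 4-byte selectors of common token functions
    "095ea7b3": ("approve", ("address", "uint256")),
    "39509351": ("increaseAllowance", ("address", "uint256")),
    "a22cb465": ("setApprovalForAll", ("address", "bool")),
    "a9059cbb": ("transfer", ("address", "uint256")),
}
GRANTS_SPENDING = {"approve", "increaseAllowance", "setApprovalForAll"}
MAX_UINT256 = 2**256 - 1
SPENDER = "0x" + "11" * 20  # constructed address (lowercase hex)
SAMPLE = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32  # approve(SPENDER, max)

def decode_calldata(data_hex):
    """Return (function_name, [args]) for a known selector, else (None, [])."""
    raw = bytes.fromhex(data_hex.removeprefix("0x"))
    name, types = SELECTORS.get(raw[:4].hex(), (None, ()))
    if name is None or len(raw) != 4 + 32 * len(types):
        return None, []
    args = []
    for i, t in enumerate(types):
        word = raw[4 + 32 * i: 36 + 32 * i]  # each argument is one 32-byte word
        if t == "address":
            args.append("0x" + word[12:].hex())  # address = low 20 bytes
        elif t == "bool":
            args.append(int.from_bytes(word, "big") != 0)
        else:
            args.append(int.from_bytes(word, "big"))
    return name, args

def review_before_signing(data_hex, displayed_action, trusted_spenders=()):
    """List reasons not to sign; an empty list means no finding."""
    name, args = decode_calldata(data_hex)
    if name is None:
        return ["unknown or malformed calldata: do not blind-sign"]
    findings = []
    if name != displayed_action:
        findings.append(f"UI shows '{displayed_action}' but payload calls '{name}'")
    if name in GRANTS_SPENDING and args[0] not in trusted_spenders:
        findings.append(f"grants spending rights to untrusted address {args[0]}")
    if name == "approve" and args[1] == MAX_UINT256:
        findings.append("unlimited allowance requested")
    return findings

if __name__ == "__main__":
    print(review_before_signing(SAMPLE, "transfer"))
```

The check only helps if it runs on the signing device against the exact bytes to be signed, not on values supplied by the same interface that renders the transaction.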
Update
WazirX has announced a bug bounty program in response to the cyberattack to help uncover “actionable intelligence” that could lead to the freezing of stolen assets, in addition to offering a reward equivalent to 10% of the amount recovered.
The crypto exchange has since notified the Financial Intelligence Unit – India (FIU-IND) and CERT-In, and has temporarily interrupted trading.