Indian cryptocurrency exchange WazirX reportedly lost around $235 million worth of digital assets in a major cybersecurity breach that occurred in the early hours of Thursday.
According to a post shared by the company on X, the breach appears to have targeted their multi-sig wallets, resulting in the loss of a substantial amount of funds.
Following the hack, blockchain analytics firm Elliptic, in its latest report, attributed the theft to hackers with ties to North Korea. This claim was also echoed by ZachXBT in a recent post on X, in which he noted that the “WazirX hack has the potential hallmarks of a Lazarus Group attack.”
This makes the incident one of the largest cryptocurrency thefts linked to the country. In its report, Elliptic stressed that this was not a one-off event, but part of an ongoing pattern of North Korean groups targeting some of the biggest names in cryptocurrency.
It is worth noting that the stolen funds comprised a variety of crypto assets, from major tokens such as Ethereum to others including Shiba Inu, PEPE, MATIC, and Floki, highlighting the breadth of the hackers’ targeting.
On the digital trail
According to the investigation ZachXBT shared on X, after the hack the stolen assets were transferred to another address funded by the mixing service Tornado Cash – a platform often used to hide the provenance of crypto funds.
2/ The theft address I will start from is 0x6ee which was doing test transactions on July 10th from 0x09b multisig with SHIB and was funded with 6 x 0.1 ETH from Tornado.
0x6eedf92fb92dd68a270c3205e96dccc527728066
A technical analysis of the Mudit attack is available below https://t.co/Q86k8o7oBg pic.twitter.com/JeU66hyOkI
— ZachXBT (@zachxbt) July 18, 2024
This pattern of moving stolen funds is characteristic of the methods these cybercriminals use to launder their proceeds. Elliptic has highlighted the same techniques in previous attacks orchestrated by North Korean hackers and notes that they are being refined to cover the attackers’ tracks.
Decentralized exchanges (DEXs) have also been used to swap the stolen crypto assets for Ethereum, making tracing more difficult. This step in the laundering process helps the perpetrators avoid detection and increases the difficulty of recovering the stolen funds.
Elliptic has updated its systems to flag any transactions involving the compromised addresses, helping its customers avoid inadvertently handling stolen funds.
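To show what flagging transactions tied to compromised addresses looks like in practice, here is an added example written for this article; it is not Elliptic's or WazirX's code, and every address, transaction hash and amount in it is constructed. It seeds a taint set with a known exploiter address, walks outgoing transfers to mark downstream hop addresses, treats a DEX router as a pass-through hub (taint follows only the swap output in the same transaction, so unrelated users of the router are not flagged), and then screens deposits into exchange addresses against the tainted set. The hub rule and the hop limit are simplifications of what commercial analytics tools do.

```python
"""Screen exchange deposits against addresses tainted by a known exploit.

Added example, not Elliptic's or WazirX's software. All addresses and
transfers below are constructed for illustration.
"""
from collections import deque

# Constructed sample ledger: (tx_hash, sender, receiver, asset, amount).
# A DEX swap appears as two legs sharing one tx_hash: tokens in, ETH out.
TRANSFERS = [
    # exploiter moves loot to a fresh hop address
    ("tx01", "0xEXPLOITER", "0xHOP1", "SHIB", 5_000_000_000.0),
    # HOP1 swaps SHIB for ETH through a DEX router (one transaction)
    ("tx02", "0xHOP1", "0xDEX_ROUTER", "SHIB", 5_000_000_000.0),
    ("tx02", "0xDEX_ROUTER", "0xHOP2", "ETH", 240.0),
    # an unrelated user swaps through the same router
    ("tx03", "0xALICE", "0xDEX_ROUTER", "USDC", 3_000.0),
    ("tx03", "0xDEX_ROUTER", "0xALICE", "ETH", 1.0),
    # HOP2 deposits to a centralized exchange; Alice deposits separately
    ("tx04", "0xHOP2", "0xCEX_DEPOSIT_A", "ETH", 100.0),
    ("tx05", "0xALICE", "0xCEX_DEPOSIT_B", "ETH", 0.5),
]
SEEDS = {"0xEXPLOITER"}          # constructed: addresses published as compromised
HUBS = {"0xDEX_ROUTER"}          # constructed: high-traffic pass-through contracts
DEPOSITS = {"0xCEX_DEPOSIT_A", "0xCEX_DEPOSIT_B"}  # constructed: an exchange's deposit addresses


def propagate_taint(transfers, seeds, hubs=frozenset(), max_hops=4):
    """Breadth-first walk over outgoing transfers.

    Returns {address: hops_from_seed}. Seeds sit at hop 0. When a tainted
    address sends into a hub (e.g. a DEX router), taint continues only to the
    hub's outgoing legs in the same transaction, so the hub itself and its
    other users stay clean. max_hops bounds how far taint spreads.
    """
    hops = {addr: 0 for addr in seeds}
    queue = deque(seeds)
    while queue:
        addr = queue.popleft()
        if hops[addr] >= max_hops:
            continue
        for tx, sender, receiver, _asset, _amount in transfers:
            if sender != addr:
                continue
            if receiver in hubs:
                # swap: follow only this transaction's outgoing legs from the hub
                for tx2, sender2, receiver2, _a2, _m2 in transfers:
                    if tx2 == tx and sender2 == receiver and receiver2 not in hops:
                        hops[receiver2] = hops[addr] + 1
                        queue.append(receiver2)
                continue
            if receiver not in hops:
                hops[receiver] = hops[addr] + 1
                queue.append(receiver)
    return hops


def screen_deposits(transfers, deposit_addresses, hops):
    """Return an alert for every transfer into a deposit address from a tainted sender."""
    alerts = []
    for tx, sender, receiver, asset, amount in transfers:
        if receiver in deposit_addresses and sender in hops:
            alerts.append({"tx": tx, "deposit": receiver, "from": sender,
                           "hops": hops[sender], "asset": asset, "amount": amount})
    return alerts


if __name__ == "__main__":
    tainted = propagate_taint(TRANSFERS, SEEDS, HUBS)
    for alert in screen_deposits(TRANSFERS, DEPOSITS, tainted):
        print(f"HOLD {alert['tx']}: {alert['amount']} {alert['asset']} into "
              f"{alert['deposit']} from {alert['from']} ({alert['hops']} hops from exploit)")
```

On the constructed ledger the script raises one alert, for the ETH that reached 0xCEX_DEPOSIT_A two hops after the exploit, and leaves Alice's deposit untouched even though her swap went through the same router. A real screening service would also need to handle mixers (where the transaction link is deliberately broken, so funding-from-Tornado is treated as a risk signal rather than a traceable hop) and to weight taint by amount rather than treating it as binary.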
More details revealed
Furthermore, in response to this incident, ZachXBT has identified a KYC-linked deposit address used by the exploiter to receive funds from the WazirX exploit. This may be of minor help in tracking down the exploiter.
This bounty was solved by ZachXBT. @ZachXBT provided definitive evidence of a KYC-linked deposit address used by the operator to receive funds from the WazirX exploit. This meets one of the bounty criteria: “Identify a KYC centralized exchange deposit.”
This… https://t.co/6rerMi65zC
— Arkham (@ArkhamIntel) July 18, 2024
According to ZachXBT, in a scenario like this, “KYC means nothing since KYC verified accounts can be easily purchased online for (less than) $100.”
This means that unless the hacker used their real identity on the exchange where the stolen funds were deposited, the KYC-linked deposit address reported by ZachXBT may not be of much use.
Featured image created with DALL-E, chart by TradingView