WazirX Exchange Halts Withdrawals Following $235M Wallet Breach

Highlights:

• WazirX confirmed a breach of its multisig wallet, which resulted in the unauthorized transfer of $235M in crypto assets.
• Blockchain trackers reveal significant losses, including 15,298 ETH and 5.43 trillion SHIB tokens.
• WazirX suspended withdrawals following the incident, investigating links to Lazarus Group.

On July 18, WazirX, India’s top crypto exchange, suffered a wallet exploit that resulted in the unauthorized transfer of $234.9 million in crypto assets. The attack was initially reported by Web3 security firm Cyvers Alerts early today. 

Cybersecurity Firms Provide Details on WazirX Exchange’s Attack

Cybers has detected “multiple suspicious transactions” linked to WazirX’s Safe Multisig wallet on the Ethereum network. Each “transaction’s caller was funded by Tornado Cash”, complicating efforts to trace assets and identify the parties involved. The security firm alleged that the attackers swiftly converted the transferred funds from digital assets like USDT, PEPE, and GALA into ETH and other digital assets.

🚨ALERT🚨Hey @WazirXIndia, Our system has detected multiple suspicious transactions involving your Safe Multisig wallet on the #ETH network.

A total of $234.9M of your funds have been moved to a new address. Each transaction's caller is funded by @TornadoCash.

The suspicious… pic.twitter.com/4sajAwd4Hb

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) July 18, 2024

According to reports from Lookonchain, a blockchain tracking platform, the transfers were sent to an unknown wallet labelled “0x04b2.” The platform revealed that the stolen assets included 15,298 ETH (valued at $52.5 million), 5.43 trillion SHIB tokens (worth $102 million), 20.5 million MATIC (worth $11.24 million), 5.79 million USDT, 640.27 billion $PEPE (worth $7.6 million), and 135 million GALA (worth $3.5 million). 

Update:#WazirX has ~$230M in assets stolen. Including:

5.43T $SHIB($102M)
15,298 $ETH($52.5M)
20.5M $MATIC($11.24M)
640.27B $PEPE($7.6M)
5.79M $USDT
135M $GALA($3.5M)
…

‼️Please note that the hacker is selling these assets!https://t.co/1uOozAVeM1 https://t.co/ogtVSFITK9 pic.twitter.com/3vPmxqXwbL

— Lookonchain (@lookonchain) July 18, 2024

Another on-chain investigator, ZachXBT, reported on his Telegram page that the wallet also holds about $4.7 million in FLOKI, $2.3 million in Fetch.ai (FET), $3.2 million in Fantom, and $2.8 million in Chainlink.

The hack severely impacted WazirX’s reserves and the market value of affected cryptocurrencies. WazirX’s native token, WRX, dropped by 15% and is now trading slightly above 14 cents. Due to the hacker’s coin liquidation, SHIB lost over 9% of its market value.

WazirX Exchange Suspends Withdrawals

On July 18, WazirX confirmed that one of its multisig wallets had experienced a security breach. This incident resulted in the loss of an undisclosed sum. Following the security breach, the Indian exchange temporarily halted withdrawals of cryptocurrency and Indian rupees from its platform.

The exchange stated:

“Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused.”

Blockchain analytics firm Elliptic reviewed the on-chain analysis and findings and stated that North Korea-backed hacker Group Lazarus carried out the hack. Over recent years, the Lazarus Group has gained notoriety for targeting the cryptocurrency industry through hacking activities. According to a Chainalysis report, these North Korean hackers have stolen over $3 billion in the past five years.

Uncertainty in India’s Crypto Market

On March 21, the Financial Intelligence Unit (FIU) of the Indian Ministry of Finance issued compliance notices to several foreign cryptocurrency exchanges, including OKX. The government asked Indian OKX users to close their accounts and withdraw assets by April 30. The exchange stated it was “no longer providing services to users in India.” Despite nearly four years of discussions by the Indian government, the regulatory framework for the crypto market in India is still unclear.