Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million worth of cryptocurrency assets.
“A cyber attack took place in one of our (multi-signature) wallets with a loss of funds in excess of $230 million,” the company said in a statement. “Since February 2023, this wallet has been operated using Liminal’s digital asset custody services and wallet infrastructure.”
The Mumbai-based company said the attack occurred due to a discrepancy between the information displayed on Liminal’s interface and what was actually signed. It said the payload was replaced to give control of the wallet to an attacker.
Crypto custodian company Liminal is one of the six signatories of the wallet and is responsible for verifying transactions.
“Our preliminary investigations indicate that one of the self-custodial multi-token smart contract wallets created outside the Liminal ecosystem has been compromised,” Liminal said in a series of messages shared on X.
“It should also be noted that all WazirX wallets created on the Liminal platform continue to remain safe and secure. Meanwhile, all malicious transactions to the attackers’ addresses took place outside of the Liminal platform.”
Blockchain analytics firm Elliptic said the attack has all the hallmarks of North Korean threat actors, and that the attackers have moved to exchange the crypto assets for ether using various decentralized services.
This was also echoed by crypto researcher ZachXBT on X, who said “WazirX hack has potential signs of Lazarus Group attack (yet again).”
Threat actors associated with North Korea have a track record of staging cyber attacks that have targeted the cryptocurrency sector since at least 2017 as a way to circumvent international sanctions imposed against the country.
Earlier this year, the United Nations said it was probing 58 alleged incursions by nation-state actors between 2017 and 2023 that resulted in 3 billion dollars in illegal income to help the country advance its nuclear weapons program.
The disclosure comes amid a coordinated law enforcement operation, code-named Spincaster, which shut down fraud networks that were making illicit profits from approval phishing, a popular tactic in which funds are stolen through fake crypto programs and romance scams (a.k.a. pig butchering). As of May 2021, an estimated $2.7 billion has been stolen using this method.
“Using an authorization phishing technique, the fraudster tricks the user into signing a malicious blockchain transaction that authorizes the fraudster’s address to spend certain tokens in the victim’s wallet, allowing the fraudster to drain those tokens from the victim’s address at will,” Chainalysis said.
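As an added example (not from the article, Chainalysis, or any wallet vendor), the following pre-signing check decodes the calldata a user is asked to sign and flags the kind of token approval described above. The function names, the spender allowlist, the 2**255 "unlimited" threshold and the sample addresses are assumptions made for illustration.

```python
# Added example: decode approval calldata before a wallet signs it.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
UNLIMITED = 2**255  # assumption: amounts this large are treated as unlimited

def decode_approval(calldata_hex):
    """Return the approval a transaction would grant, or None if it grants none."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    # 4-byte selector followed by exactly two 32-byte ABI words
    if len(data) != 8 + 128 or data[:8] not in SELECTORS:
        return None
    word1, word2 = data[8:72], data[72:136]
    if word1[:24] != "0" * 24:  # an address occupies the low 20 bytes only
        return None
    value = int(word2, 16)
    blanket = data[:8] == "a22cb465"  # operator approval covers every token
    return {
        "function": SELECTORS[data[:8]],
        "spender": "0x" + word1[24:],
        "value": value,
        "revokes": value == 0,
        "unlimited": value != 0 if blanket else value >= UNLIMITED,
    }

def review(calldata_hex, trusted_spenders):
    """Return (verdict, reasons) for a transaction the user is asked to sign."""
    info = decode_approval(calldata_hex)
    if info is None:
        return "not-an-approval", []
    if info["revokes"]:  # setting an allowance to zero removes access
        return "allow", []
    reasons = []
    if info["spender"] not in trusted_spenders:
        reasons.append("spender not on allowlist")
    if info["unlimited"]:
        reasons.append("unlimited allowance")
    return ("block" if reasons else "allow"), reasons

# Constructed sample inputs (addresses are placeholders, not real contracts).
ROUTER = "0x" + "22" * 20
DRAIN_ALL = "0x095ea7b3" + "0" * 24 + "11" * 20 + "f" * 64
BOUNDED = "0x095ea7b3" + "0" * 24 + "22" * 20 + format(500, "064x")
```

A wallet or signing proxy would show the decoded spender and amount to the user and refuse by default on a "block" verdict, so the decision rests on the bytes being signed rather than on what the requesting site displays.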