Indian cryptocurrency exchange WazirX has officially acknowledged a significant security breach resulting in the theft of over $230 million worth of cryptocurrency assets.
In a statement released by the Mumbai-based exchange, WazirX confirmed that the breach occurred within one of their multi-signature wallets, which had been utilizing the services of Liminal’s digital asset custody and wallet infrastructure since February 2023. The incident reportedly stemmed from a discrepancy between the information displayed on Liminal’s interface and the actual signing process, allowing attackers to redirect wallet control.
Liminal, as one of the six signatories on the compromised wallet responsible for transaction verification, clarified that the affected self-custody multi-sig smart contract wallet was created outside their ecosystem. They emphasized the security of all WazirX wallets created on the Liminal platform, stating that malicious transactions occurred exclusively from external sources.
Blockchain analytics firm Elliptic highlighted characteristics indicative of North Korean threat actors behind the attack, noting that the stolen crypto assets were subsequently converted into Ether through decentralized services. Crypto researcher ZachXBT echoed these concerns, suggesting similarities with previous Lazarus Group attacks.
North Korean threat actors have a documented history of targeting the cryptocurrency sector since 2017, purportedly to circumvent international sanctions and fund their nuclear weapons program. Recent investigations by the United Nations revealed numerous intrusions between 2017 and 2023, resulting in illegal revenues totaling $3 billion.
The disclosure of the WazirX breach coincides with global efforts to combat cryptocurrency-related scams. Operation Spincaster, a coordinated law enforcement initiative, recently dismantled networks profiting from approval phishing scams, estimated to have illicitly garnered up to $2.7 billion since May 2021. Approval phishing involves deceiving users into authorizing malicious blockchain transactions, enabling scammers to siphon tokens from victim wallets undetected.
The incident underscores ongoing vulnerabilities within the cryptocurrency ecosystem and highlights the persistent threat posed by sophisticated cyber adversaries.
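Both the display-versus-signing discrepancy and approval phishing described above come down to signing a payload that differs from what the signer believes it to be. The following is an added example, not code from WazirX, Liminal, or the original article: it decodes raw ERC-20 calldata independently of any interface and compares it with what the interface displayed. The function names `decode_call` and `check_against_display`, the addresses, and the amounts are constructed for illustration and do not represent the actual WazirX transactions.

```python
# Added example: decode ERC-20 calldata independently of the signing interface.
SELECTORS = {
    bytes.fromhex("095ea7b3"): "approve",   # approve(address,uint256)
    bytes.fromhex("a9059cbb"): "transfer",  # transfer(address,uint256)
}
MAX_UINT256 = 2**256 - 1


def decode_call(calldata_hex):
    """Decode an ERC-20 approve/transfer call from raw hex calldata."""
    text = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    raw = bytes.fromhex(text)
    if len(raw) != 4 + 32 + 32:
        raise ValueError("calldata is not selector + two 32-byte words")
    name = SELECTORS.get(raw[:4])
    if name is None:
        raise ValueError("unrecognised function selector: " + raw[:4].hex())
    if any(raw[4:16]):
        raise ValueError("address word has non-zero padding")
    return {
        "function": name,
        "address": "0x" + raw[16:36].hex(),
        "amount": int.from_bytes(raw[36:68], "big"),
    }


def check_against_display(calldata_hex, shown):
    """Return mismatches between the payload and what the interface displayed."""
    call = decode_call(calldata_hex)
    findings = []
    for field in ("function", "address", "amount"):
        actual, claimed = call[field], shown[field]
        if field == "address":
            actual, claimed = actual.lower(), claimed.lower()
        if actual != claimed:
            findings.append(f"{field}: displayed {claimed!r}, payload has {actual!r}")
    if call["function"] == "approve" and call["amount"] == MAX_UINT256:
        findings.append("approve grants an unlimited allowance")
    return findings


# Constructed sample: interface shows a small transfer, payload is an unlimited approval.
SHOWN = {"function": "transfer", "address": "0x" + "11" * 20, "amount": 1000}
PAYLOAD = "0x095ea7b3" + "00" * 12 + "22" * 20 + "ff" * 32
HONEST = "0xa9059cbb" + "00" * 12 + "11" * 20 + (1000).to_bytes(32, "big").hex()

if __name__ == "__main__":
    for line in check_against_display(PAYLOAD, SHOWN):
        print("MISMATCH:", line)
```

An empty result means the payload matches the displayed intent; the check is only useful when it runs on a device or code path separate from the interface that rendered the transaction.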