WazirX Hack Shakes Crypto World, $234.9M Stolen in Major Breach

This article comes to you with the generous support of Betplay.io. Discover the excitement and rewards that await you at Betplay.io with a 100% welcome bonus and 10% weekly cashback!

Major Security Breach at WazirX Exchange

On July 18, 2024, WazirX, one of India's leading cryptocurrency exchanges, suffered a significant security breach. The hack resulted in the theft of approximately $234.9 million in various cryptocurrencies, marking one of the largest incidents of its kind in recent history. The attack was facilitated through Tornado Cash, a privacy-focused mixer, making it challenging to trace the transactions. 

Cyvers Alerts, a blockchain security platform, detected multiple suspicious transactions involving WazirX’s Safe Multisig wallet on the Ethereum network, bringing the breach to light.

The stolen assets include a staggering $102 million in Shiba Inu (SHIB), equating to 5.43 trillion SHIB tokens. Ethereum (ETH) worth $52.5 million, or 15,298 ETH, was also taken. Additionally, $11.24 million in Polygon (20.5 million MATIC), $7.6 million in Pepe (640.27 billion PEPE), $5.79 million in Tether (USDT), and $3.5 million in Gala (135 million GALA) were among the cryptocurrencies stolen. 

The hackers also made off with $4.7 million in Floki (FLOKI), $3.2 million in Fantom (FTM), $2.8 million in Chainlink (LINK), and $2.3 million in Fetch.ai (FET).

WazirX swiftly responded to the security breach by temporarily suspending withdrawals. However, the hacker had already begun liquidating some of the stolen assets. Specifically, the wallet identified as 0x04b dumped $7.6 million worth of PEPE and swapped GALA and USDT to ETH. 

The hacker transferred part of the funds to two other wallets, 0x90c…F91Fd and 0x35f…745CA, for further dumping.

Web3 Analyst Bradley Park at CryptoQuant provided critical insights, noting the 5.4 trillion SHIB taken off the exchange could be sold for Ethereum at any moment. 

0x04b sent 1.801 trillion SHIB to wallet 0x35f, which sold 201 billion SHIB and transferred 1.6 trillion SHIB to a new wallet dubbed 0x231…cf9b4. Wallet 0x231 continued the selling spree, liquidating 600 billion SHIB and distributing 1 trillion SHIB to three different wallets, with only one still holding a small amount of SHIB.

The market impact of this hack has been profound. Shiba Inu's price dropped approximately 10%, falling to $0.00001720. 

Analysts predict a potential further decline of up to 25% by the end of July as 0x04b still holds 3.633 trillion SHIB, which could drive the price down to $0.00001263. 

Bitcoin was also affected, with the BTC/INR pair declining by 11% to 5.1 million rupees ($60,945). This figure was notably lower compared to other exchanges like CoinDCX, where BTC traded at 5.7 million rupees. On the global stage, BTC's average price was at $61,800 before reclaiming $65,000.

North Korean hackers, suspected to be linked with the notorious Lazarus Group, was said to have orchestrated a sophisticated breach on the WazirX exchange. The Lazarus Group, infamous for previous cybercrimes, including significant crypto thefts, has been a concern for cybersecurity experts for years. Known for its sophisticated tactics and links to the North Korean government, the group has targeted various sectors globally, utilizing advanced methods such as social engineering and malware deployment.

On the same day of the attack, blockchain analytics firm Elliptic flagged the involvement of North Korean-affiliated hackers in this exploit, citing similarities to past Lazarus Group operations.

Polygon Labs' security chief, Mudit Gupta, revealed that the hackers spent at least eight days preparing for the attack, "practicing" onchain before executing it. Gupta explained that the hackers upgraded WazirX's multisig wallet to a malicious version, which allowed them to drain the funds. 

Gupta believes the hackers may have tricked WazirX into upgrading its Safe Implementation Skeleton. He also suggests that the hackers didn't have access to all the required private keys, which is why they may have relied on signature phishing. 

In a statement, WazirX described the attack as a "force majeure event beyond our control" and has blocked some deposits while reaching out to affected wallets for recovery. 

This hack comes at a time when the Indian crypto community is already under significant regulatory scrutiny. The Financial Intelligence Unit (FIU) of India has blocked URLs of several foreign crypto exchanges, including Binance, for non-compliance with local anti-money laundering (AML) policies. 

The regulatory environment in India has also been tough on local exchanges, with a 1% tax deducted at source (TDS) on each transaction leading to decreased trading volumes. Many retail customers are opting for foreign exchanges to avoid these taxes, further complicating the situation.