Mumbai-based cryptocurrency exchange WazirX has released its autopsy report regarding the “force majeure” event that led to the multi-signature wallet attack.
As Crypto.news reported earlier on Thursday, WazirX was hit with $230 million worth of crypto after malicious actors compromised the platform’s critical user interface for wallet management. The Indian crypto exchange explained that the issue stemmed from different data displayed on Liminal’s interface, its digital asset custody service, and the wallet infrastructure used by WazirX.
The platform’s multi-signature wallet required three signatures from internal members of the WazirX team and a final confirmation from Liminal.
“During the cyberattack, there was a mismatch between the information displayed in Liminal’s interface and the information actually signed. We suspect the payload was modified to transfer wallet control to an attacker,” the team wrote via the X post.
The cryptocurrency exchange stated that it will “spare no effort” to recover the stolen funds and find the perpetrators.
At WazirX, our commitment to transparency and community well-being is paramount. There has been a cyber attack on one of our multi-signature wallets. To clarify the situation, here are the preliminary findings:
» Event Summary: A cyberattack occurred on one of our multi-signature wallets…
— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 18, 2024
WazirX unlikely to be saved
While WazirX appears determined to go after the hackers, the prime suspect is reportedly unlikely to be recovered. According to Elliptic and crypto detective ZachXBT, the attack bears the hallmarks of the notorious North Korean crime syndicate Lazarus.
Lazarus is credited with some of crypto’s biggest exploits, including Axie Infinity’s $600 million Ronin Bridge and, most recently, the $308 million DMM Bitcoin theft. The syndicate is also subject to U.S. sanctions for money laundering and terrorist financing. With Lazarus involved, funds are almost never recovered.
Blockchain data provider Arkham also noted that the hacker had already made off with nearly half of the loot. Freezing the funds, worth $102 million, could still be possible depending on whether it is a centralized exchange or targeted for sale elsewhere.
UPDATE: WazirX Hacker has been removed from SHIB.
This morning, $102.1 million worth of SHIB was stolen from WazirX and sold in full by the attacker. pic.twitter.com/sjCSZJhdIv
— Arkham (@ArkhamIntel) July 18, 2024