Recently, the blockchain security firm Cyvers Alert sounded the alarm on the Indian exchange WazirX, reporting an exploitation that resulted in a staggering loss of approximately $235 million. According to Cyvers, suspicious transactions were detected involving WazirX’s Safe Multisig wallet on the Ethereum network, with a total of $234.9 million being transferred to a new address. What is particularly alarming is that each transaction’s caller was funded by Tornado Cash, a tool often associated with illicit activities in the crypto space.
Blockchain analyst Lookonchain provided further details on the stolen assets, revealing that they included a substantial amount of various cryptocurrencies. The stolen assets comprised 5.43 trillion SHIB tokens valued at $102 million, 15,298 ETH totaling $52.5 million, 20.5 million MATIC worth $11.24 million, 640.27 billion $PEPE valued at $7.6 million, 5.79 million USDT, and 135 million GALA worth $3.5 million. The attacker reportedly engaged in selling and converting these assets primarily into ETH, further complicating the situation.
Following the security breach, WazirX acknowledged the incident in a post on X platform, confirming that one of its multisig wallets had been compromised, leading to an undisclosed loss. In response, the platform took immediate action by temporarily suspending INR and crypto withdrawals to safeguard the remaining assets of its users. This incident has raised concerns about the overall security measures implemented by exchanges, especially in light of the increasing frequency of cyber attacks targeting the crypto industry.
Cyvers Alert hinted at a potential involvement of the North Korea-backed hacker Group Lazarus in the WazirX attack, citing the use of TornadoCash in funding the illicit transactions as a key indicator. Deddy Lavid, the Co-founder & CEO of Cyvers Alert, pointed out the similarities between this incident and previous high-profile attacks associated with Lazarus Group. While definitive links are yet to be established, the possibility of such a notorious hacking group targeting the crypto sector is indeed unsettling.
The WazirX hack serves as a stark reminder of the vulnerabilities inherent in the crypto space and the pressing need for robust security protocols to safeguard digital assets. As malicious actors continue to exploit weaknesses in exchanges and wallets, the onus is on the industry stakeholders to prioritize security measures and stay vigilant against potential threats. The collaboration between security firms, regulatory authorities, and crypto platforms is crucial in mitigating risks and ensuring the long-term viability of the crypto ecosystem.
