News

WazirX Hacked for $230M, Largely in SHIB, as Elliptic Says North Korea Behind Attack

  • Indian crypto exchange WazirX experienced a security breach in one of its multisig wallets, leading to the loss of user funds and over $230 million in withdrawals.
  • The exploiter is actively selling the stolen tokens, including $100 million worth of shiba inu, and $52 million in ether, on the onchain exchange Uniswap.
  • These stolen funds account for over 45% of the total reserves cited by the exchange in a June 2024 report.

Indian crypto exchange WazirX saw over $230 million in withdrawals in early European hours on Thursday as a security breach affected one of its wallets, causing the loss of user funds.

"We're aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident," the exchange confirmed in an X post. "To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused."

Blockchain sleuth Elliptic said that North Korea-linked hackers appear to have perpetrated the attack.

The stolen funds account for over 45% of the exchange's $500 million holdings, which it disclosed in a June report. The Indian exchange's live proof of reserve site was down for maintenance as of the time of writing.

WazirX identified the multisig wallet's provider as crypto custody firm Liminal in a follow-up post , hours after the initial confirmation. It later deleted the post as Liminal said that the wallets that were created "outside of the Liminal ecosystem had been compromised."

Multisig wallets are a type of crypto wallet that requires two or more private keys to authenticate and confirm transactions before they are processed.

The Indian Financial Ministry declined to comment on the attack or its implications for the country's crypto ecosystem.

Blockchain data tracked by Lookonchain shows over $100 million worth of shiba inu (SHIB) tokens were withdrawn, the most among lost funds, followed by $52 million in ether (ETH) , $11 million in Matic's MATIC, and $6 million in pepe (PEPE).

Transactional data shows the exploiter is actively selling the stolen holding using the onchain exchange Uniswap. The exploiter is yet to sell their ETH holdings, and holds over $4.2 million in FLOKI tokens

WazirX is popular among Indian traders and primarily targets the Indian market. It is among the few Financial Intelligence Unit (FIU) registered exchanges in the country, allowing it to offer crypto exchange services to Indian citizens.

CoinGecko data shows WazirX exchanged at least $2.2 million in volumes in the past 24 hours, led by tether (USDT) stablecoins and XRP.

UPDATE (July 18, 08:25 UTC) : Adds context and background.

UPDATE (July 18, 08:41 UTC) : Adds bullets and additional details on reserves.

UPDATE (July 18, 09:49 UTC) : Adds additional comment from WazirX.

UPDATE (July 18, 10:26 UTC) : Adds Elliptic statement, updates headline.

(Amitoj Singh contributed reporting.)