The Indian cryptocurrency exchange WazirX has suffered the loss of virtual assets worth over $230 million due to a cyberattack linked to North Korea. The attack targeted one of the company’s multi-signature wallets, which requires multiple keys to authorize transactions.
The compromised wallet was signed by six individuals: five from WazirX and one from Liminal. Most transactions on the platform require the approval of three WazirX signatories and one Liminal signatory. The attackers managed to bypass the security system by exploiting a discrepancy between Liminal’s interface and the actual transaction data.
Following the discovery of the attack, WazirX suspended all cryptocurrency withdrawals and blocked several deposits. The company also contacted the owners of the affected wallets to assist in recovering the funds. Exchange representatives described the incident as a “force majeure,” emphasizing that all necessary measures to protect customer assets had already been taken.
Blockchain analytics platform Lookchain reported that the stolen assets have been traced, and the thieves are seeking buyers. British firm Elliptic, specializing in blockchain analytics for financial compliance, indicated that the culprits have begun exchanging the stolen tokens for the cryptocurrency Ether through various decentralized services. According to Elliptic, the criminals are linked to North Korea, which uses cryptocurrency to evade international sanctions and fund its nuclear program.
WazirX, one of the largest cryptocurrency exchanges in India with 16 million users, was acquired by Binance in 2019. However, the deal sparked numerous disputes: Binance founder Changpeng Zhao claims the deal was never finalized, while WazirX co-founder Nischal Shetty insists otherwise.
The association with Binance brought additional complications for WazirX. In December 2023, Binance’s operations were suspended in India for violating anti-money laundering regulations. The platform resumed operations only last month after paying a fine of $2.25 million.
WazirX has also faced issues with Indian regulators: in August 2022, the company had $8.1 million in funds frozen as part of a money laundering investigation.
Legislation to ban or restrict cryptocurrencies is periodically discussed in India, but as of mid-2024, no definitive decision has been made. According to Joanna Cheng of Fireblocks, the lack of clear regulation in India’s cryptocurrency industry creates uncertainty and risks for both companies and individual users.
