Indian cryptocurrency exchange WazirX has confirmed a security breach that allowed suspected North Korean hackers to steal over $230 million worth of crypto assets from one of its multisig wallets, which used Liminal’s digital asset custody service.
“A cyber attack occurred in one of our wallets involving a loss of funds exceeding $230 million,” WazirX said. “This wallet was operated utilizing the services of Liminal’s digital asset custody and wallet infrastructure from February 2023.”
A multisig wallet requires several entities to authorize every transaction to prevent fraud. Liminal was among six signatories assigned to the digital wallet and was responsible for verifying transactions.
The crypto heist severely affected WazirX, wiping out more than 45% of its $500 million fortune and forcing the crypto exchange platform to temporarily pause trading.
Liminal and WazirX trade blame over security breach
For its part, WazirX says the attack resulted from a mismatch between the information displayed on Liminal’s interface and the actual transaction data, which had been replaced to transfer control of the wallet to the attacker.
“The cyber attack stemmed from a discrepancy between the data displayed on Liminal’s interface and the transaction’s actual contents,” the cryptocurrency exchange said.
However, Liminal Custody says the security breach affected a multi-sig wallet created outside its ecosystem while all wallets created on its platform remained safe.
“Our preliminary investigations show that one of the self custody multi-sig smart contract wallets created outside of the Liminal ecosystem has been compromised,” Liminal posted on X. “It is also pertinent to note that all WazirX wallets created on the Liminal platform continue to remain secure and protected.”
The wallet provider also asserted that there was no security breach on “Liminal’s infrastructure, wallets, and assets” and that “all the malicious transactions to the attacker’s addresses have occurred from outside of the Liminal platform.”
Suggesting a sophisticated attack by an advanced threat actor, Liminal disclosed that several machines involved in the ill-fated transaction were compromised.
“Unfortunately three of the victim’s machines have been found injecting malicious payloads into the transaction indicating a sophisticated, well planned and targeted attack on one specific Gnosis Smart Contract Multi-Sig wallet.”
Meanwhile, Liminal said it was assisting the Indian cryptocurrency exchange platform in investigating and recovering stolen cryptocurrency assets.
“Adhering to our rigorous security protocols, the Liminal team is also readily assisting the WazirX team as they carry out their investigation,” Liminal said.
Lookonchain says the security breach resulted in the loss of over 200 cryptocurrencies, including 5.43 billion SHIB, 15,200 Ethereum, 5.79 million USDT, 135 million GALA, and 640 billion Pepe tokens.
Cryptocurrency exchange platform WazirX takes legal action after crypto heist
Meanwhile, WazirX has described the security breach as a “force majeure” event beyond its control but promised to “leave no stone unturned” to recover the stolen funds.
“We have already blocked a few deposits and reached out to concerned wallets for recovery,” the cryptocurrency exchange platform said. “We are in touch with the best resources to help us in this endeavor.”
Additionally, the cryptocurrency exchange has filed a police complaint, notified India’s Financial Intelligence Unit, initiated additional legal actions, and engaged India’s Computer Emergency Response Team (CERT-In).
“In response to the cyber attack, we have filed a police complaint and are pursuing additional legal actions. We will keep the community updated as we proceed,” WazirX posted on X on Jul 19, 2024.
WazirX also announced a bug bounty program offering 10% of the value of recovered assets to anyone who helps the cryptocurrency exchange freeze the stolen assets.
Currently, WazirX says its priority is to trace and recover the stolen assets and to understand the security breach that enabled the threat actor to compromise its multisig wallet. Several global exchanges were assisting the Indian cryptocurrency exchange in tracing the stolen funds.
“We are collaborating with forensic experts and law enforcement agencies to identify and apprehend the perpetrators,” the company said.
North Korea’s Lazarus group implicated in the WazirX crypto heist
Blockchain analytics firm Elliptic has attributed the WazirX crypto heist to North Korean hacking group Lazarus, which was using various decentralized services to swap the stolen assets into Ether.
Similarly, crypto researcher ZachXBT noted that the WazirX crypto heist had the “potential markings of a Lazarus Group attack (yet again).”
Between 2017 and 2023, North Korean state-sponsored hackers, including Lazarus, stole over $3 billion in crypto assets. The hermit kingdom uses the stolen funds to finance its nuclear program.