This morning, the crypto industry witnessed one of its most devastating hacks. WazirX, a prominent Indian exchange, was breached, resulting in the theft of over USD 230 million (approximately 2,000 crore INR). The attack, which targeted the exchange's Safe Multisig wallet on the Ethereum network, displayed the complexity and precision of a professional criminal operation.
The sophisticated nature of the hack has fueled speculation about the involvement of the Lazarus Group, a notorious North Korean cybercrime cartel known for its activities in the crypto sphere.
Methodical Attack and Execution
At least eight days before the attack, the hackers rehearsed on the chain, which shows that the criminals were well-prepared. They achieved the hack by replacing the genuine multi-sig wallet with a fake one and this made the process of embezzlement easy.
Mudit Gupta, CISO at Polygon Labs, reckons that cybercriminals obtained two of the four private keys outright and the last two through signature phishing, a swindle involving exposing the walnut user to falsely signed transactions.
The Signature Phishing Technique
It is widely believed that the Lazarus Group, a North Korean cybercrime organization is behind this attack. Considered very technical and having a specific large-scale modus operandi, the group has been associated with multiple breaches in the past.
Consequently, regarding WazirX, one can identify signature phishing, as well as the use of such modern tactics as upgrading multi-sig contracts as specific features that adhere to the activities of the Lazarus Group which was similarly concluded by on-chain investigator ZachXBT. They have emphasised the growing potential of state-sponsored actors as a crypto menace.
Lazarus Group has been confirmed to have been involved in the Harmony Bridge attack by the FBI and they withdrew about 100 million through protocol vulnerabilities. Moreover, Lazarus bears the other attack of a $625 million hack on the Ronin bridge, making it evident the group's ability and relentlessness for the crypto business.
Funding North Korea's Illicit Activities
The Lazarus Group is infamous for its large-scale cyber heists, often funding North Korea's nuclear missile and weapons programs. In 2022, the group laundered over $60 million in Ether using the identity-hiding method RAILGUN and utilized mixers like Tornado Cash and Sinbad to obscure their profits, despite sanctions from authorities.
As the investigation into the WazirX hack continues, the crypto community is on high alert, acutely aware of the sophisticated threats posed by entities like the Lazarus Group.
Read Also: WazirX Under Attack! SHIB, PEPE, LINK, MATIC Impacted in $230 Million Hack
With the Lazarus Group's involvement suspected, the crypto world is on high alert. Stay safe out there!