$230 million worth of cryptocurrency assets were stolen in a security breach that targeted the Indian cryptocurrency exchange, WazirX. The company has officially acknowledged this incident.
“According to the company’s statement, one of our [multi-signature] wallets experienced a cyber attack resulting in a loss that exceeds $230 million. We had been utilizing Liminal’s digital asset custody and wallet infrastructure for this particular wallet since February 2023.
According to the Mumbai-based organization
The assault originated from a discrepancy in Liminal’s interface information and what was legitimately authorized. The company clarified that an attacker substituted the payload aiming to acquire leverage over wallet control.
Liminal, a crypto custody company, is accountable for transaction verification as one of the six signers on the wallet.
Liminal announced through a series of posts on X that their initial probes reveal the compromise of one self-custody multi-sig smart contract wallet, developed outside Liminal’s ecosystem.
Furthermore, it should be highlighted that WazirX wallets established on the Liminal platform have been and continue to remain safeguarded.
However, any malicious transactions directed toward the attacker’s addresses originated outside of the Liminal platform.
According to Elliptic, a company specializing in blockchain analytics, the assault exhibits typical characteristics of North Korean hackers.
Furthermore, they revealed that attackers utilized diverse decentralized services to convert cryptocurrency assets into Ether.
ZachXBT, a crypto researcher on X platform, reiterated that the WazirX hack shows similarities to previous Lazarus Group attacks.
He stated “yet again” highlighting their track record of such incidents.
Since 2017, North Korea-linked threat actors have consistently initiated cyber attacks on the cryptocurrency industry to circumvent international sanctions.
At the beginning of this year, a statement was released by the United Nations on their investigation into 58 possible instances of trespassing conducted by actors representing a nation-state from 2017 to 2023.
These activities apparently resulted in an illegal income totaling $3 billion which they allegedly used to further develop their nuclear weaponry program.
Spincaster
The revelation was made amidst a synchronized law enforcement campaign known as Spincaster which dismantled fraudulent networks generating illegal income from authorization phishing, an extensively employed strategy where sham crypto applications and romance scams (also called pig butchering) are used to embezzle funds. The amount of money stolen through this approach is approximated at $2.7 billion since May 2021.
Chainalysis stated
Scammers deceive users with approval phishing, tricking them into endorsing a blockchain transaction that lets the scammer use specific tokens from the victim’s wallet.
Consequently, this grants complete leverage for transferring those tokens from the victim’s account at any given moment of interest.
Nice initiative.
Right security is needed
Oh my gosh $230 million is much hope they’ll recover cause that’s a lot…