Mumbai-based WazirX crypto exchange has released its post-mortem report on a “force majeure” incident that allowed a multi-sig wallet hack.
As crypto.news reported earlier on Thursday, WazirX was hacked for $230 million in cryptocurrencies after bad actors compromised UI critical to the platform’s wallet management. The Indian crypto exchange explained that the issue originated from different data displayed on Liminal’s interface, the digital asset custody, and the wallet infrastructure employed by WazirX.
The platform’s multi-sig wallet required three signatures from internal WazirX team members and one final approval from Liminal.
“During the cyber attack, there was a mismatch between the information displayed on Liminal’s interface and what was actually signed. We suspect the payload was replaced to transfer wallet control to an attacker”, the team said via an X post.
The crypto exchange stated it would “leave no stone unturned” regarding recovering stolen funds and locating the perpetrator.
WazirX recovery unlikely
While WazirX seems determined to chase after the hackers, the prime suspect indicates recovery might be impossible. According to Elliptic and crypto sleuth ZachXBT, the hack bears the hallmarks of the notorious North Korean criminal organization Lazarus.
Lazarus is credited with some of crypto’s largest exploits, like Axie Infinity’s $600 million Ronin Bridge and, most recently, the $308 million DMM Bitcoin theft. The syndicate is also the subject of U.S. sanctions over money laundering and terror financing. Funds are hardly ever recovered when Lazarus is involved.
Blockchain data provider Arkham also noted that the hacker had already offloaded nearly half of the loot. Freezing funds worth $102 million may still be possible depending on the sell destination, whether a centralized exchange or otherwise.
