Indian crypto exchange WazirX has halted trading on its platform following a $230 million exploit on July 18. The company has launched a recovery program, offering up to 10% of the hacked amount ($23 million) for fund recovery and up to $10,000 for help in freezing the funds. However, evidence indicates that North Korea’s Lazarus Group is behind the attack, and assets from the group's hacks are rarely recovered.
Cryptocurrency exchange WazirX has halted trading on its platform due to a recent exploit that resulted in $230 million being drained from its wallet on July 18, following a private key compromise.
“The cyber attack has affected our ability to maintain 1:1 collaterals with assets, leading us to temporarily pause trading,” WazirX stated in an announcement on X. More than $100 million worth of Shiba Inu (SHIB) was stolen in the attack, along with millions in MATIC, PEPE, USDT, and GALA tokens. Evidence suggests the North Korean state-sponsored Lazarus Group is behind the attack, with most of the stolen assets now converted into ether.
“We are conducting thorough forensic data examinations and security audits and aim to enable withdrawals soon. User safety is our top priority,” WazirX stated in its announcement.
The exchange also announced a bounty program, inviting cybersecurity and blockchain experts to help track, freeze, or return the funds, emphasizing the importance of protecting the integrity of the crypto ecosystem.
Initially, the company offered 5% of recovered funds as an incentive for their full return, but later doubled the reward to 10% following feedback from blockchain sleuth ZachXBT, according to the company’s post. Additionally, the company is offering “up to $10,000 worth of USDT” for “actionable intelligence leading to the freezing of the funds.” This program will last three months, though the timeframe may be adjusted.
“$10M bounty means nothing if it is indeed the Lazarus Group as they are unlikely to return the funds or be held legally accountable. 5% is lower than the 10%+ industry standard,” ZachXBT wrote. He clarified that he would not be assisting in the investigation, stating, “I do not have the resources to follow a potential Lazarus Group hack like this 24/7 as it requires many hours.”
Recoveries from Lazarus Group hacks are exceedingly rare. When $30 million was recovered in September 2022 from the group’s $600 million hack of Axie Infinity’s Ronin Bridge, it was the first time funds linked to North Korea’s hacking group had been seized, according to Chainalysis. However, Erin Plante, senior director of investigations at Chainalysis, expressed optimism for future recoveries, stating, “We’re confident it won’t be the last.”
Hackers may have links to North Korea
In an effort to recover the stolen funds, WazirX has launched a bounty program offering up to $23 million for information leading to the arrest of the culprits and the return of the stolen assets. Preliminary investigations by risk-management firm Elliptic suggest that the hackers may be linked to North Korea. Elliptic stated in a blog post that hackers affiliated with North Korea appear to have executed the hack. “The North Korea attribution is based on similarities in the types of services these hackers have used previously, as well as similarities in their transactional behavior,” said Tom Robinson, co-founder of Elliptic, in an email.