KEY POINTS

WazirX said the exploit was a 'force majeure event beyond our control'

Most of the stolen assets were in $SHIB, while the rest were in $ETH and other tokens

Crypto users raised concerns about chances of fund recovery being low if Lazarus was indeed behind the hack

WazirX, a cryptocurrency exchange giant based in India, has been exploited for over $230 million after one of its multisig wallets suffered a security breach that blockchain security firms and experts said appears to have been carried out by North Korea-linked hackers.

WazirX security breach

Multiple blockchain security and analysis firms flagged the exploit that affected user funds Thursday, revealing that most of the cryptocurrencies stolen were in popular memecoin Shiba Inu ($SHIB). WazirX confirmed the attack, publishing preliminary findings of an investigation "to clarify the situation."

At WazirX, our commitment to transparency and community welfare is paramount. There was a cyber attack on one of our multisig wallets. Below are the preliminary findings to clarify the situation:

» Incident Overview: A cyber attack occurred in one of our multisig wallets… — WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 18, 2024

Exchange says the attack was beyond its control

WazirX, which describes itself as the largest crypto exchange in India, said it had robust security features and the cyberattack was "a force majeure event beyond our control." It said it will continue to locate and recover the pilfered funds and has reached out to "the best resources to help us in this endeavor."

Hackers dump stolen $SHIB

Leading blockchain analytics firm Arkham Intelligence revealed late Thursday that the $102.1 million in stolen $SHIB "has now been fully sold off by the attacker."

UPDATE: The WazirX Hacker is out of SHIB.

$102.1M SHIB was stolen this morning from WazirX and has now been fully sold off by the attacker. pic.twitter.com/sjCSZJhdIv — Arkham (@ArkhamIntel) July 18, 2024

Following news of the dump, the token, which is the No. 2 memecoin in CoinGecko's meme token rankings, slumped by over 8%.

A Lazarus Group attack?

Prominent crypto sleuth ZachXBT, who identified the KYC (know your customer) deposit address used by the exploiter to receive the stolen funds, revealed that upon tracing the hacker's movements, he determined that "the WazirX hack has the potential markings of a Lazarus Group attack (yet again)."

6/ This is where my tracing ends as the BTC appears to come from an unknown service making it difficult to trace.

All I can say is the WazirX hack has the potential markings of a Lazarus Group attack (yet again)

Hopefully the WazirX team will be transparent with their… https://t.co/IjzlI76TRQ — ZachXBT (@zachxbt) July 18, 2024

Elliptic, another blockchain intelligence firm, said the exploit was a "North Korea-linked breach." It added that more than 200 different digital assets were stolen, including some $52.6 million worth of Ether ($ETH), the native cryptocurrency of the Ethereum blockchain, and around $7.6 million of the $PEPE memecoin.

Elliptic confirmed Arkham's earlier revelation that some of the pilfered assets were already sold off. Some were swapped for $ETH "using a variety of decentralized services, an expected initial step of a typical laundering process."

Who is Lazarus Group?

Lazarus Group is a notorious North Korea-linked hacking group tied to multiple exploits in the crypto space. Within a three-year period, the exploiters are said to have laundered some $200 million in pilfered crypto.

ZachXBT published a lengthy report in April, unveiling the tactics used by Lazarus Group to cover its tracks as it laundered the funds it stole across over 25 hacks carried out between August 2020 and October 2023.

Crypto users react to the massive exploit

Pankaj Tanwar, the founder of the crypto education platform BTC Expert India, said he hopes WazirX can recover the funds. "This mistake will damage crypto in India beyond imagination," he said.

Still not able to understand, 6 people there, need 4 to verify still hacked and blame game. Hope you guys will be able to recover funds as millions of users household on stake - This mistake will damage #Crypto in India beyond imagination. — Pankaj Tanwar (@pankjtanwar) July 18, 2024

One user questioned why the exchange would "keep your 50% fund in a single wallet." WazirX is known to have held some $500 million worth of assets before the exploit, according to prominent Indian crypto figure Aditya Singh. "It's over for you guys. It's Lazarus Group. They have already sold and converted to cash," the user said.

As per the Latest POR report, Wazirx was Hodling $503 Million worth of Crypto.

Hack is worth $230 Million as of now.

If this amount is not recovered, can become a big problem for the exchange. pic.twitter.com/OAGa0KQJRB — Aditya Singh (@CryptooAdy) July 18, 2024

It is unclear whether WazirX is working with law enforcement to help recover the funds.