WazirX Hacked for $230M, Largely in SHIB, as Elliptic Says North Korea Behind

[ABCbits]

WazirX Hacked for $230M, Largely in SHIB, as Elliptic Says North Korea Behind Attack

Indian crypto exchange WazirX saw over $230 million in withdrawals in early European hours on Thursday as a security breach affected one of its wallets, causing the loss of user funds.

"We're aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident," the exchange confirmed in an X post. "To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused."... Read more here.


It's only been about 2 months since DMM exchange got hacked with $230m loss over $300m loss. Although i don't understand why most loss caused by stolen SHIB, is SHIB very popular in India? Your opinion is greatly appreciated.

[Yamane_Keto]

It's only been about 2 months since DMM exchange got hacked with $230m loss. Although i don't understand why most loss caused by stolen SHIB, is SHIB very popular in India? Your opinion is greatly appreciated.

I do not think that the reason is popularity, but rather a technical problem in one of the multi-signature wallets which was contain SHIBA.
Some statistics indicated that the amount is approximately equal to over 45% of the total reserves, and that about 23% of it is in Shiba Inu currency, and I do not know how a platform can invest all these amounts in Shiba Inu.
Hacking a multi-signature wallet indicates a complete technical failure.

[Charles-Tim]

Hacking a multi-signature wallet indicates a complete technical failure.

I do not think it is technical failure than the exchange failure. It could be 2-of-2 multisig which can make the hacker to make 2 times effort with the help of an insider or some insiders. Exchanges needs to hire better organizations that can help in security.

[Zed0X]

~
Although i don't understand why most loss caused by stolen SHIB, is SHIB very popular in India? Your opinion is greatly appreciated.

It's probably just a coincidence but that's a lot of SHIB stored on their wallet.

~
Exchanges needs to hire better organizations that can help in security.

Yeah, also make the effort to ensure that they are not compromised. I'm reminded of the two consultants hired by our local exchange that exploited the platform and took 12.2 Million XRP

[bee]

My big question, why North Korea? Does that country really have such dangerous intelligence resources? Or are such actions facilitated by their government? Everywhere I have read stories about the country's dictatorship and very limited state facilities which conclude that it is impossible for hackers to come from the civilian population.

[TomPluz]

It's only been about 2 months since DMM exchange got hacked with $230m loss. Although i don't understand why most loss caused by stolen SHIB, is SHIB very popular in India? Your opinion is greatly appreciated.

I am not sure why hackers chose SHIB as their main point interest...but there is no question that anybody can sell the same in different exchanges not unless of course WazirX will be able to successfully ask exchanges to froze the said movement. On this hack, I am sad to hear that there is another platform victimized by the hacking powerhouse from North Korea. Seems to me that hacking has been a very profitable enterprise by people based in North Korea and I am sure that their government is very much behind the scene and can even be the capitalist of the said venture. I still don't understand how come good hackers can be 3 steps ahead in encroaching into the security portal of different crypto platforms...taking away millions of dollars worth of digital assets away from them. Sad to see I don't see any long-term solution to this big problem in the crypto industry so I am sure that a month from now we can read the same kind of news again.

[bhadz]

My big question, why North Korea? Does that country really have such dangerous intelligence resources? Or are such actions facilitated by their government? Everywhere I have read stories about the country's dictatorship and very limited state facilities which conclude that it is impossible for hackers to come from the civilian population.

If you'd search for some articles and videos about them hacking large companies, they're proven to be doing this. IIRC, there was this Lazarus named group from there, I am not sure if they're government backed or not but most likely they are since it is a hermit kingdom that everything is controlled by its government. And in the past, two years ago, they've hacked Sky Mavis' ronin network.

[Husires]

I noticed that hackers attacks related to Bitcoin have become fewer and that hackers have moved to altcoins.

My big question, why North Korea? Does that country really have such dangerous intelligence resources? Or are such actions facilitated by their government? Everywhere I have read stories about the country's dictatorship and very limited state facilities which conclude that it is impossible for hackers to come from the civilian population.

Some of the cyberattacks related to cryptocurrencies have been attributed to APT38, an office in North Korea that claims to launder cryptocurrencies for the government.

[Stompix]

Hacking a multi-signature wallet indicates a complete technical failure.

If the employees are storing the keys in emails or they are sending it to each other via telegram or WhatsApp when it's needed then you can have 100 sigs and it won't help you.

The cyber attack stemmed from a discrepancy between the data displayed on Liminal's interface and the transaction's actual contents. During the cyber attack, there was a mismatch between the information displayed on Liminal’s interface and what was actually signed. We suspect the payload was replaced to transfer wallet control to an attacker.

So they basically signed a black check!
What kind of security is that when you can't even be sure what you agree with as it's presented by a 3rd party and you can't check the data for accuracy?

[yhiaali3]

My big question, why North Korea? Does that country really have such dangerous intelligence resources? Or are such actions facilitated by their government? Everywhere I have read stories about the country's dictatorship and very limited state facilities which conclude that it is impossible for hackers to come from the civilian population.

It is not related to intelligence resources, but to hacking and electronic piracy skills. Most of the accusations indicate that the Lazarus group is behind most of the hacks that occurred. The reason seems to be that they have great experience in the field of hacking and searching for vulnerabilities, and it also appears that they are supported by the government.

I think the main reason why most of the hacking comes from North Korea is that it is outside international law and from there they can work freely without fear of legal prosecution because North Korea does not abide by any international laws.

[NotATether]

I do not think it is technical failure than the exchange failure. It could be 2-of-2 multisig which can make the hacker to make 2 times effort with the help of an insider or some insiders. Exchanges needs to hire better organizations that can help in security.

It is both a security failure and an operational failure.

Security failure because the hackers should not have been able to get both of the signing keys for the wallet.

Operational failure because they do not have enough funds to swallow the loss, now they've actually paused withdrawals because they don't have any profits to cover the ones stolen from the hack, so now users will suffer. Binance and the other large exchanges have a large stash of assets stored a way so that if the hot wallet is drained, they can replenish it from the stash and no user funds are lost. But this exchange looks like it's going to be in big trouble or insolvent now if they don't find new capital.

[pakhitheboss]

It could not have been done without an internal support. A multi signature wallet getting hacked is shows there was a technical issue which can be only known by an employee. I am more interested to know what course of action the exchange and Indian government will take. The government already has made it hell for the Indian crypto community with thier ridiculous tax system. After this hack the struggling Indian exchanges would lose more volumes.

[Kemarit]

Historically, North Korea has been the crux of crypto exchanges, in the beginning though it was all South Korean attack but now it seems that they are targeting all crypto exchanges that have vulnerabilities.

Question though, Indian are taxing crypto right? Will it happen that the government are going to pay or are they liable to pay as per law? Maybe we can argue that since we are paying tax, somewhat they could held accountable as well?

[Yamane_Keto]

Hacking a multi-signature wallet indicates a complete technical failure.

I do not think it is technical failure than the exchange failure. It could be 2-of-2 multisig which can make the hacker to make 2 times effort with the help of an insider or some insiders. Exchanges needs to hire better organizations that can help in security.

2-of-2 multisig is the worst type of multi-signature wallet, and if this is the setup of the #DevelopmentTeam , it is a complete failure of the system.

Hacking a multi-signature wallet indicates a complete technical failure.

If the employees are storing the keys in emails or they are sending it to each other via telegram or WhatsApp when it's needed then you can have 100 sigs and it won't help you.

If they were, then why were they paid? it led to the loss of millions of dollars. If this is how they deal with customers’ money, then the customers’ data must have been hacked.

[MUGNIA]

Hacking a multi-signature wallet indicates a complete technical failure.

I do not think it is technical failure than the exchange failure. It could be 2-of-2 multisig which can make the hacker to make 2 times effort with the help of an insider or some insiders. Exchanges needs to hire better organizations that can help in security.

This insider help definitely plays a role if that's the case, because an exchange should have accurate security and if something happens it should be alert and not lose too much,