Indian cryptocurrency exchange WazirX has potentially lost $234.9 million worth of funds in a massive security breach, that was first reported by cybersecurity firm ‘Cyvers Alerts’. The official handle of WazirX has confirmed the security breach and halted all withdrawals from their exchange till the investigation is completed.
Cyvers Alerts reported unauthorized transactions involving their Safe Multisig wallet in which funds were moved to a different wallet on the Ethereum network, suspecting a massive hack at WazirX.
As per proof of reserve report June 2024 released by WazirX, the exchange had total holdings valued at $503.64 million, out of which $234.9 million was moved by unknown elements, that amounted to nearly 50% of total holdings.
The transactions reportedly originated from accounts funded by TornadoCash, a cryptocurrency mixing service commonly used to obfuscate transaction trails, which made the experts at CyversAlerts suspicious. TornadoCash has been banned in US and many countries.
Cyvers Alerts alleged that the transferred funds were swiftly converted from various digital assets like $PEPE, $GALA, and $USDT into Ethereum ($ETH) and further into other digital assets. This rapid conversion could be an attempt to launder the stolen funds. The attacker still has more than $100 Million worth of SHIB and more than $4.7 Million FLOKI to sell.
The stolen tokens include 5.43T Shib, 15,298 ETH, 20.5M Matic, 640.27B Pepe, 5.79M USDT, 135M Gala, and many more. The assets have been transferred from WazirX to the wallet “0x04b2.” The attacker has dumped almost 640.27 billion Pepe tokens($7.6 million).
Meanwhile, WazirX issued a statement on X claiming, “We’re aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident.” The exchange has stopped INR and crypto withdrawals temporarily to ensure the safety of its users’ funds.
According to onchain analysis and other information reviewed by Blockchain analytics firm Elliptic, the hack was perpetrated by North Korean hackers.
Arkham Intel, a web3 intelligence platform, announced a “bounty” of 5000 ARKM for anyone who either identifies a KYC centralized exchange deposit or reveals the identity of the exploiter or ensures return of funds.
Also Read: North Korea’s Lazarus Group Behind $230 Million WazirX Hack: Reports
