Indian cryptocurrency exchange WazirX suffered a catastrophic security breach on July 18, 2024, with at least $230 million in digital assets stolen from one of its multisignature wallets. Blockchain security firms quickly traced the attack to North Korean hacking syndicate Lazarus Group, marking one of the largest crypto heists of the year.
TL;DR
- WazirX lost over $230 million in a cyberattack targeting a multisig wallet
- Blockchain analytics firm Elliptic attributed the hack to North Korea’s Lazarus Group
- Stolen assets included ETH, stablecoins, and various tokens rapidly swapped through decentralized services
- WazirX halted all withdrawals and reported the breach to authorities
- The exchange held approximately $500 million in reserves as of June 2024
The Attack: How $230 Million Vanished
The breach was first detected on the evening of July 17 when blockchain security firms including Elliptic, Arkham, and BlockSec noticed millions of dollars in cryptocurrency flowing out of WazirX wallets at an unusual pace. By the time the company acknowledged the incident on July 18, the damage was already done.
WazirX confirmed that a cyberattack had compromised one of its multisignature wallets. In a public statement posted to social media, the company described the incident as a “force majeure event beyond our control” and emphasized that the team was “leaving no stone unturned to locate and recover the funds.”
Elliptic’s analysis put the total losses at approximately $235 million, slightly higher than WazirX’s own preliminary estimate of $230 million. The stolen assets spanned a range of cryptocurrencies, including Ether (ETH), U.S. dollar-pegged stablecoins, and various other tokens.
North Korea’s Lazarus Group Suspected
Multiple blockchain investigators quickly linked the attack to North Korean state-sponsored hackers. Elliptic attributed the incident to actors affiliated with North Korea based on blockchain data and additional intelligence. Prominent on-chain investigator ZachXBT noted that the attack carried “the potential markings of a Lazarus Group attack.”
The attackers demonstrated sophisticated operational tradecraft, immediately swapping stolen tokens for Ether using a variety of decentralized services in an apparent effort to obscure the trail of funds. This pattern is consistent with Lazarus Group’s well-documented laundering playbook, which typically involves converting stolen assets through decentralized exchanges and privacy tools before moving them to custodial wallets.
Scale of North Korean Crypto Theft
The WazirX hack fits into a broader pattern of North Korean cyber operations targeting cryptocurrency platforms. According to United Nations investigators, North Korean hackers have allegedly conducted 58 cyberattacks on cryptocurrency firms, netting approximately $3 billion in stolen digital assets over a six-year period.
The timing of the WazirX breach was particularly notable, coming just weeks after Japanese exchange DMM Bitcoin lost more than $300 million in Bitcoin, and days after another platform reported roughly $8 million stolen. The cryptocurrency sector continues to face persistent threats from both cybercriminals and nation-state actors exploiting vulnerabilities in platform security.
WazirX Response and Customer Impact
Following the breach, WazirX immediately shut down all withdrawals to protect remaining assets. The company stated it had already blocked some deposits and reached out to the wallet addresses concerned in an effort to recover funds. WazirX had reported approximately $500 million in reserves as of June 2024, meaning the hack effectively wiped out nearly half of the platform’s total holdings.
Founded in 2017, WazirX is one of India’s largest cryptocurrency exchanges. The platform was reportedly acquired by Binance in 2019, though the two parties later clarified in 2022 that Binance had only intended to purchase “certain assets and intellectual property of WazirX,” leaving the ownership structure ambiguous.
Why This Matters
The WazirX hack underscores the persistent security vulnerabilities in centralized cryptocurrency exchanges, even those employing multisignature wallet infrastructure. As North Korean hacking groups continue to refine their attack methodologies, the incident serves as a stark reminder that platform security remains one of the crypto industry’s most critical challenges. For users, the event highlights the fundamental trade-off between the convenience of exchange-held assets and the security of self-custody solutions.
Lazarus hitting a $500M exchange and walking away with $235M through a multisig wallet. The speed they swapped everything through Tornado was surgical.
WazirX calling it a force majeure event is wild. You got hacked because your multisig setup was weak, not because of an act of god.
Halting withdrawals immediately was the right call but Indian users are still waiting. $500M in reserves and $230M gone means a lot of people got haircut badly.
Elliptic and Arkham both pointing to Lazarus within hours shows how far on-chain forensics has come. North Korea is running a parallel economy on crypto hacks at this point.