The hacker behind the $230 million exploit on India’s WazirX exchange has converted most of the stolen assets into ether. Blockchain analytics firm Lookonchain reported this on X (formerly Twitter) on Thursday night.
The hacker exchanged the funds for 43,800 ETH, worth $149.46 million, and now holds around 59,097 ETH. The wallet also contains about $15 million in Dent, Chromia, Celer Network, and Frontier tokens. Lookonchain also noted that the hacker deposited 7.7 million DENT ($7,300) to a previously unused Binance deposit address.
The breach occurred on Thursday and targeted WazirX’s multisig wallet on the Ethereum network. Over 200 different crypto assets were stolen, including Shiba Inu, Ethereum, Polygon, and the Pepe memecoin. WazirX has paused all withdrawals, acknowledging the security breach and calling the incident a “force majeure event” beyond its control.
WazirX released a statement emphasising their commitment to transparency and community welfare. They provided preliminary findings to clarify the situation. The cyberattack occurred in one of their multisig wallets, resulting in a loss of over $230 million. The wallet, operated with the services of Liminal’s digital asset custody and wallet infrastructure, had six signatories—five from WazirX and one from Liminal.
The attack stemmed from a discrepancy between the data displayed on Liminal’s interface and the transaction’s actual contents: what the interface showed did not match what was signed. The payload was likely replaced to transfer wallet control to the attacker.
Despite robust security features, including the Gnosis Safe multisig smart contract platform and Liminal’s whitelisting policy, the wallet was breached. WazirX is actively working to locate and recover the funds; it has already blocked a few deposits and reached out to concerned wallets for recovery. The company says it is in touch with the best resources to aid in this endeavor.
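A mismatch between the displayed transaction and the signed payload is what an independent pre-signing check is meant to catch. The Python below is an added example, not WazirX’s or Liminal’s code: it decodes the raw fields of a Safe transaction (to, value, data, operation) and compares them with what the interface displayed and with a whitelist. The addresses, whitelist, and function names are constructed for illustration.

```python
# Added example: constructed addresses and whitelist; helper names are hypothetical.
TRANSFER_SELECTOR = "a9059cbb"  # ERC-20 transfer(address,uint256)
OP_CALL = 0                     # Safe operation field: 0 = call, 1 = delegatecall

def encode_transfer(recipient, amount):
    """Build ERC-20 transfer calldata (used here only to construct sample payloads)."""
    return "0x" + TRANSFER_SELECTOR + recipient[2:].lower().rjust(64, "0") + format(amount, "064x")

def decode_transfer(data_hex):
    """Return (recipient, amount) if data is exactly one ERC-20 transfer call, else None."""
    h = data_hex.lower()
    h = h[2:] if h.startswith("0x") else h
    if len(h) != 8 + 128 or h[:8] != TRANSFER_SELECTOR or h[8:32] != "0" * 24:
        return None
    return "0x" + h[32:72], int(h[72:], 16)

def check_payload(displayed, payload, whitelist):
    """List every way the payload to be signed departs from what the UI displayed."""
    findings = []
    if payload["operation"] != OP_CALL:
        findings.append("operation is not a plain call")
    if payload["to"].lower() != displayed["token"].lower():
        findings.append("target contract differs from displayed token")
    decoded = decode_transfer(payload["data"])
    if decoded is None:
        findings.append("calldata is not an ERC-20 transfer")
        return findings
    recipient, amount = decoded
    if recipient != displayed["recipient"].lower():
        findings.append("recipient differs from display")
    if amount != displayed["amount"]:
        findings.append("amount differs from display")
    if recipient not in {a.lower() for a in whitelist}:
        findings.append("recipient is not whitelisted")
    return findings

# Constructed sample data (not real addresses).
TOKEN, PAYEE, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
DISPLAYED = {"token": TOKEN, "recipient": PAYEE, "amount": 1000}
HONEST = {"to": TOKEN, "value": 0, "data": encode_transfer(PAYEE, 1000), "operation": 0}
SWAPPED = {"to": OTHER, "value": 0, "data": "0xdeadbeef", "operation": 1}

if __name__ == "__main__":
    for name, p in (("honest", HONEST), ("swapped", SWAPPED)):
        print(name, check_payload(DISPLAYED, p, [PAYEE]) or "matches display")
```

The check is only meaningful when it runs on a system independent of the interface that produced the display, so that both cannot be altered together.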
Meanwhile, blockchain analytics firm Elliptic reported that on-chain data suggests the exploit was conducted by North Korea-linked hackers. This revelation adds a new dimension to the ongoing investigation.
The affected WazirX wallet address is 0x27fD43BABfbe83a81d14665b1a6fB8030A60C9b4.
WazirX said it will keep users updated on further developments and expressed gratitude for the community’s support during this challenging time.