North Korean Hackers Implicated in WazirX Breach, Says Elliptic

Analysts at Elliptic tracked the movement of funds stolen from the Indian cryptocurrency exchange WazirX, which was breached today, July 18. They concluded that North Korean hackers were behind the cyberattack.

The total damage from the breach is estimated at $235 million at the time of writing. More than 200 different digital assets were stolen, including SHIB worth approximately $96.7 million, $52.6 million in Ethereum, $11 million in MATIC, and $7.6 million in PEPE. 

“Chain analysis and [laundering through DeFi services] indicate that this breach was carried out by hackers linked to North Korea,” the researchers noted.

Elliptic has added the hacker’s address to its system, ensuring that the company’s clients (exchanges and trading platforms) will be alerted if the stolen funds appear on their platforms.

Previously, analysts announced a reward for assistance in determining the circumstances of the breach, capturing the hacker, or recovering the funds. One of the rewards was claimed by on-chain researcher ZachXBT. He “provided compelling evidence of a KYC-linked deposit address that the perpetrator used to receive funds from WazirX.”

This bounty has been solved by ZachXBT@ZachXBT submitted definitive evidence of a KYC-linked deposit address used by the exploiter to receive funds from the WazirX exploit. This fulfills one of the criteria of the bounty — ‘Identifying a KYC centralized exchange deposit’.

This… https://t.co/6rerMi65zC

— Arkham (@ArkhamIntel) July 18, 2024

Experts believe that the WazirX breach was caused by a private key leak. The perpetrator used it to update the secure wallet implementation to a malicious contract.