The WazirX Heist: Unraveling a $235 Million Crypto Breach
In a significant development in the cybersecurity realm, Delhi Police’s Intelligence Fusion and Strategic Operations (IFSO) division has apprehended SK Mausad Alam from West Bengal for his alleged involvement in the notorious WazirX hack. This incident, which unfolded in July, marked one of the largest breaches in the cryptocurrency industry, with losses amounting to approximately $235 million.
Inside the Hack: A Tale of Deception and Exploitation
The breach targeted both hot and cold wallets of WazirX, India’s largest crypto exchange, leading to substantial financial losses. According to the police, Alam played a pivotal role by fraudulently creating an account under the alias ‘Souvik Mondal’ and subsequently selling the login credentials to an individual known as “M Hasan” through Telegram.
The chargesheet, as reviewed by Decrypt, reveals that Alam was enticed by a buyer who promised a lucrative sum for crypto accounts with complete credentials. In exchange for his WazirX account credentials, Alam reportedly received a modest sum of 08 USDT in his Binance account. Further investigations uncovered that Alam had received crypto deposits worth $107,000 in the WazirX account created using his credentials.
The hackers employed a calculated approach by draining WazirX’s hot wallet of GALA tokens, compelling the exchange to transfer more assets from its cold wallet. This maneuver eventually allowed the attackers to access WazirX’s multisignature wallet, facilitating the theft of millions in cryptocurrency.
Investigation Challenges and Findings
Initially, the attack was linked to the North Korea-based hacker group Lazarus by cybersecurity firm Elliptic. However, the investigation by Delhi police highlighted that the breach was executed through external means, with no evidence of unauthorized access to WazirX’s internal systems.
Throughout the investigation, WazirX cooperated fully with the authorities, providing essential data such as KYC records and transaction logs. However, challenges arose when attempting to obtain critical data from Liminal Custody, the third-party service responsible for securing the exchange’s cold wallets. The police noted that Liminal was uncooperative, failing to provide logs that could help trace the money trail and identify other culprits involved in the scheme.
Following the breach, WazirX’s investigative report highlighted that the malicious transaction was sent to a destination address that was not on the whitelist, which Liminal’s controls should have blocked. In response, Liminal stated that the multi-signature smart contract wallet used in the attack was “created independently and further imported on the Liminal platform.”
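The control at issue in the paragraph above is destination whitelisting: a custody platform should refuse to sign a withdrawal whose destination is not on the pre-approved list. The following is an added illustration of such a policy check, not code from WazirX, Liminal or the investigation; the addresses, the whitelist and the policy class are constructed for the example, and it uses plain Ethereum-style hex addresses with case-insensitive comparison so that a checksummed and a lowercased form of the same address cannot slip past the list.

```python
from dataclasses import dataclass, field


@dataclass
class WithdrawalPolicy:
    """Hypothetical pre-signing policy: only whitelisted destinations may receive funds."""

    whitelist: set = field(default_factory=set)
    audit_log: list = field(default_factory=list)

    @staticmethod
    def normalize(address: str) -> str:
        # Canonical form: 0x + 40 hex chars, lowercased. Rejecting anything else
        # prevents look-alike strings (extra whitespace, wrong length) from matching.
        addr = address.strip()
        if not (addr.startswith("0x") and len(addr) == 42):
            raise ValueError(f"malformed address: {address!r}")
        int(addr[2:], 16)  # raises ValueError if the body is not hex
        return addr.lower()

    def add_destination(self, address: str) -> None:
        # Adding to the whitelist is itself a privileged change; a real deployment
        # would gate this behind a separate approval flow and a time delay.
        self.whitelist.add(self.normalize(address))

    def check(self, destination: str, amount: float) -> bool:
        """Return True only if the destination is whitelisted; every decision is logged."""
        try:
            dest = self.normalize(destination)
            allowed = dest in self.whitelist
            reason = "whitelisted" if allowed else "destination not on whitelist"
        except ValueError as exc:
            dest, allowed, reason = destination, False, str(exc)
        self.audit_log.append(
            {"destination": dest, "amount": amount, "allowed": allowed, "reason": reason}
        )
        return allowed


def demo() -> dict:
    # Constructed sample data: one approved treasury address, two withdrawal attempts.
    policy = WithdrawalPolicy()
    policy.add_destination("0xAbCdEf0000000000000000000000000000000001")  # hypothetical cold wallet
    results = {
        # Same address as the whitelist entry, but in a different letter case: must pass.
        "approved_lowercase": policy.check("0xabcdef0000000000000000000000000000000001", 1000.0),
        # Unknown destination: must be refused before any signature is produced.
        "unknown_destination": policy.check("0x9999999999999999999999999999999999999999", 1000.0),
        # Malformed input: refused, and the reason is recorded for the investigators.
        "malformed": policy.check("not-an-address", 5.0),
    }
    results["rejections_logged"] = sum(1 for e in policy.audit_log if not e["allowed"])
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of logging every decision, allowed or not, is the one the investigators raise in this case: when a custodian cannot produce such records after an incident, tracing how a non-whitelisted destination was ever signed for becomes much harder.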
The investigation is still active, with authorities planning to file a supplementary chargesheet once more information is gathered from entities like Telegram and Liminal Custody.
Edited by Stacy Elliott.