Indian Crypto Exchange WazirX Halts Withdrawals After a $234.9 Million Hack
Indian crypto exchange WazirX is under scrutiny after a $234.9 million transaction to an unknown wallet. Blockchain security firm Cyvers first detected this transaction, which originated from WazirX’s Safe Multisig wallet on the Ethereum network.
There are fears of a security breach because the new wallet was initially funded by the crypto mixer – Tornado Cash.
WazirX Suffers Hack
Cyvers expressed concerns that the WazirX Safe wallet may have been compromised by a potentially malicious entity. After the transfer, the suspicious address began a series of cryptocurrency swaps.
“The suspicious address has already swapped PEPE, GALA, and USDT to ETH and continues to swap other digital assets,” a Cyvers report noted.
This activity raises red flags, suggesting a possible attempt to launder the assets through various cryptocurrencies.
Read more: Crypto Project Security: A Guide to Early Threat Detection
In an email conversation with BeInCrypto, WazirX confirmed the security breach. Moreover, for the time being, the crypto exchange has paused fiat and crypto withdrawals. Notably, this incident is the second largest crypto hack of 2024, after the DMM Bitcoin security breach in May.
“We’re aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of users’ assets, INR and crypto withdrawals will be temporarily paused,” WazirX told BeInCrypto.
Moreover, Deddy Lavid, CEO of Cyvers, shared insights with BeInCrypto that hint at a notorious perpetrator.
“The use of TornadoCash to fund the transactions is indicative of methods used in previous high-profile attacks. While it is too early to definitively link this incident to the Lazarus Group, the similarities are concerning. Cyvers is closely analyzing the situation,” Lavid told BeInCrypto.
Lazarus, a well-known hacking group believed to be sponsored by North Korea, has been linked to several major cryptocurrency thefts. Notably, it is also responsible for stealing over $305 million from the Japanese crypto exchange DMM Bitcoin.