News: 1721368747

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

North Korea likely behind takedown of Indian crypto exchange WazirX

(2024/07/19)


Indian crypto exchange WazirX has revealed it lost virtual assets valued at over $230 million after a cyber attack that has since been linked to North Korea.

According to a late Thursday [1]WazirX Xeet , the attack targeted one of its multi-signature wallets – digi-cash lockers that are designed to offer superior security by requiring multiple private keys to authorize a transaction.

WazirX's transaction verification process requires approval by multiple parties.

[2]

The hacked wallet had six signatories – five from WazirX team and one from Liminal. Most transactions on the WazirX platform require approval from three of the company's signatories, plus final approval from Liminal's signatory.

[3]

[4]

We're told the attack exploited a discrepancy between Liminal's interface and the actual transaction data. That allowed the attacker to manipulate the gain control of the wallet, bypassing the multi-signature security measures, WazirX explained.

After discovery of the event was made, WazirX [5]halted all crypto withdrawals. The firm revealed that it had already blocked a few deposits and reached out to concerned wallet-owners to assist with recovery.

[6]

The crypto exchange has described the incident as a "force majeure" event – a term usually reserved for natural disasters or wars.

"Despite us taking all necessary steps to protect the customer assets, the cyber attackers appear to have possibly breached such security features, and the theft occurred," claimed WazirX. The exchange asserted it is "leaving no stone unturned to locate and recover the funds."

[7]Misconfigured cloud server leaked clues of North Korean animation scam

[8]Indian authorities raid fake tech support rings after tipoff from Amazon and Microsoft

[9]Co-founder of collapsed crypto biz Three Arrows cuffed at airport

[10]More than $100m in cryptocurrency stolen from blockchain biz

Blockchain analytics platform Lookchain thinks it has spotted them. The outfit [11]published a breakdown of which WazirX assets were stolen, and suggested whoever stole them is already looking for buyers.

UK-based blockchain analytics firm Elliptic, which specializes in blockchain analytics for financial crime compliance, [12]noted that the perp has already started swapping a number of stolen tokens for Ether cryptocurrency using a variety of decentralized services.

Elliptic's perusal of blockchains backing the assets led it to conclude the thieves are affiliated with North Korea.

[13]

North Korea has turned to cryptocurrency as a source of funds in the face of international sanctions. The nation is thought to run crypto-stealing operations and to launder the proceeds into instruments it can use to fund its nuclear weapons program and enrich the family of supreme leader Kim Jong Un.

WasirX claims roughly 16 million users and is one of the crypto exchanges in India. It was [14]acquired in 2019 by Binance, although there seems to be some [15]dispute over its ownership – some coming from incarcerated Binance founder "CZ" himself who claims the deal was never signed. WazirX co-founder Nischal Shetty [16]insists it most certainly was.

But being connected to Binance may not have been the best thing for WazirX. The acquirer was suspended from operating in India in December 2023 for violating anti-money laundering rules. It was [17]cleared again to operate last month – subject to a $2.25 million fine.

WasirX has also had its share of trouble with regulatory authorities in India as it had $8.1 million [18]frozen as a part of money laundering investigations in August of 2022.

Legislation to ban or at least rein in cryptocurrency has periodically been presented in India. However, as of mid-2024, the government has yet to finalize its stance on the alterna-cash.

Joanna Cheng, associate general counsel at NYC-based cryptocurrency custody and security firm Fireblocks, told The Register "There is no specific crypto regulation in India so far, and the industry would benefit from clear regulatory expectation on issues like security standards, risk management, and consumer protection. Regulatory intervention in this space would also mean that exchanges that service large numbers of retail customers are held accountable for their actions (or inaction)." ®

Get our [19]Tech Resources



[1] https://x.com/WazirXIndia/status/1813981143437611440

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Zpo5OYaeZABCR-KFSvo7ZAAAABU&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zpo5OYaeZABCR-KFSvo7ZAAAABU&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Zpo5OYaeZABCR-KFSvo7ZAAAABU&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[5] https://x.com/WazirXIndia/status/1813843289940058446

[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zpo5OYaeZABCR-KFSvo7ZAAAABU&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[7] https://www.theregister.com/2024/04/23/north_korea_animators/

[8] https://www.theregister.com/2023/10/20/india_tech_supoprt_scam_raids/

[9] https://www.theregister.com/2023/10/03/asia_in_brief/

[10] https://www.theregister.com/2022/06/24/harmony_100m_cryptocurrency_theft/

[11] https://x.com/lookonchain/status/1813842443483377684

[12] https://www.elliptic.co/blog/235-million-lost-by-wazirx-in-north-korea-linked-breach

[13] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Zpo5OYaeZABCR-KFSvo7ZAAAABU&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[14] https://www.binance.com/en/blog/all/binance-acquires-indias-leading-digital-asset-platform-wazirx-to-launch-multiple-fiattocrypto-gateways-404105749895733248

[15] https://twitter.com/cz_binance/status/1555578415901802507

[16] https://twitter.com/NischalShetty/status/1555602963430785024

[17] https://www.livemint.com/industry/binance-cleared-to-operate-in-india-subject-to-a-2-25-million-fine-and-compliance-11718877762421.html

[18] https://twitter.com/dir_ed/status/1555499510117576705

[19] https://whitepapers.theregister.com/



That thing, that doesn’t exist

Anonymous Coward

It was there a minute ago…

CowHorseFrog

Its almost like theres no criminals in this world, and the only bad guys doing this sort of stuff are working for the govs of NK or Russia.

How is this possible ?

I ain't Spartacus

There are loads of criminals in this world. And they steal stuff.

There are loads of criminals working for the government of Russia. It's been a modus operandi of theirs for a long time. The FSB has been up to its neck in criminality since it was still the old KGB - they've used crims for decades to get stuff done - or just to get nice fat pay-offs - as well as being responsible for prosecuting a few, to keep the others in order. You get some corruption like that in any police force - but it happened on an industrial scale in the 90s - and the FSB also have an intelligence role, so had many uses for deniable criminals (including hackers). Look at poor old Prigozin - late, lamented head of the Wagner group, who got his political connections from one Vladimir Putin as both their careers were on the rise in 90s St Petersburg.

I don't know if North Korea worries about using deniable criminals, or even has many of that type - given how repressive the state is. Or if everyone is just on the government payroll. I remember reading a piece about their UK embassy - where the staff aren't paid. They have to find ways of making money while also doing their jobs - however dodgy. Apparently this is true of most of their other embassies too.

I've read that the Chinese government uses deniable hackers. But not really many details, or if their main efforts are state employees.

Of course, if you're senior in the Chinese, Russian or North Korean governments then you're automatically a criminal. Given the Chinese government is undoubtedly involved in genocide in Xinxiang (and arguably Tibet), Russia have done quite a few things in Ukraine that meet the (probably too wide) UN definition of genocide - such as forcible adoption of children and attempted destruction of Ukrainian language and culture in occupied areas - and North Korea is the most repressive state in the world with hundreds of thousands of people in political re-education and labour camps.

Force majeure

Pascal Monett

It's funny how there are absolutely no banks who invoke that excuse.

No real banks. Banks with a banking charter, and proper procedures and personnel dealing with actual currency and legal obligations, not fairy money and feel-good wishes.

Invoking Force Majeure when you don't have the compentence, the ability or the experience to implement secure money-managing procedures is like a teenager flipping his car in a curb and blaming the rain on the road.

Bunch of muppets, all of them.

Re: Force majeure

I ain't Spartacus

They all seem to have their own special wallet apps - all writted by themselves. With roll-your-own "security". Maybe some of them even do some testing?

[Melchett mode]

No Darling! Testing is not a dirty word! Now crevice, that's a dirty word...

[/Melchett mode]

Force Majeure

Anonymous Coward

God dun it.

Show me the money!

Fruit and Nutcase

It waz 'ir a moment ago

Re: Show me the money!

I ain't Spartacus

Well played sir!

I salute you for your puntabulousness.

During the next two hours, the system will be going up and down several
times, often with lin~po_~{po ~poz~ppo\~{ o n~po_~{o[po ~y
oodsou>#w4k**n~po_~{ol;lkld;f;g;dd;po\~{o