
Crypto Sleuth ZachXBT Cracks $235M WazirX Hack, Claims Arkham Bounty

  • ZachXBT traced the WazirX hack back to a KYC deposit address, earning an $8200 bounty from Arkham for his critical evidence.
  • The WazirX hack shows potential ties to the North Korean Lazarus Group, with $230M stolen and sold, including SHIB and ETH.
  • WazirX halted withdrawals and is investigating the breach, while experts suspect a methodical attack linked to North Korean hackers.

ZachXBT, a prominent blockchain investigator, has unveiled critical evidence linking the WazirX hack to a centralized exchange deposit. He claimed his second bounty from Arkham after submitting definitive proof of the KYC deposit address used by the hacker. Arkham offered a reward of 5,000 ARKM (~$8200) to anyone who could identify the hacker or assist in the recovery of the stolen funds.

The WazirX Hack and Suspected Lazarus Group Links

The Indian crypto exchange WazirX was hacked on July 18. Funds, including $100 million in SHIB and $52 million in ETH, have reportedly been sold. ZachXBT shared his method of tracking the exploiter’s transactions, suggesting the WazirX hack bears the possible hallmarks of a Lazarus Group attack, the group linked to North Korean state hackers. Blockchain analysis firm Elliptic echoed similar suspicions.

In his analysis, ZachXBT traced the hack backwards from the original exploiter address. He identified test transactions conducted on July 10 using SHIB. The address behind those transactions had been funded through six transfers of 0.1 ETH each from Tornado Cash, a cryptocurrency mixing service. ZachXBT noted that identifying the relevant centralized exchange deposit address was not particularly difficult.

Security Measures and Investigative Insights

ZachXBT also highlighted that KYC-verified accounts could be easily purchased online, which might limit the usefulness of the identified deposit. However, his efforts were still recognized, and he claimed the Arkham bounty.

The WazirX team has temporarily halted Indian rupee (INR) and cryptocurrency withdrawals while investigating the incident. They acknowledged the security breach on one of their multisig wallets and assured users that they were actively working on the issue.

Moreover, blockchain security researcher Mudit Gupta provided additional insights into the hack. He suggested the hackers had been practising on-chain at least eight days before executing the attack. Gupta described the attack as methodical and organized, pointing towards North Korea’s involvement.

Gupta further explained that the attackers upgraded the multisig to a malicious version. This allowed them to drain the wallet. They likely compromised two out of four private keys directly, while the remaining two were phished via a UI or wallet compromise. Gupta speculated that a wallet compromise or custody provider compromise was likely responsible.

Besides tracking the movements of over $230 million stolen in the breach, ZachXBT shared his analysis on social media. His investigation concluded that the BTC involved originated from an unknown service, making it challenging to trace. He emphasized the need for the WazirX team to be transparent regarding their findings.
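The tracing approach described above (equal-sized mixer withdrawals funding an address, small test transfers, then a hop to a known exchange deposit address) and Gupta's "rehearsal window" observation can be reduced to a few graph checks over a transfer list. The block below is an added illustration, not ZachXBT's or Arkham's tooling; every address and transfer in it is a constructed placeholder, not real on-chain data.

```python
from collections import deque

# Constructed sample data with placeholder addresses; none of this is the real WazirX data.
MIXER = "0xMIXER_PLACEHOLDER"
EXPLOITER = "0xEXPLOITER_PLACEHOLDER"
KNOWN_DEPOSITS = {"0xCEX_DEPOSIT_PLACEHOLDER"}  # assumed list of labelled exchange deposit addresses

# Each transfer: (sender, receiver, asset, amount, day-of-month)
TRANSFERS = [
    *[(MIXER, EXPLOITER, "ETH", 0.1, 9) for _ in range(6)],   # six equal withdrawals from the mixer
    (EXPLOITER, "0xTEST_TARGET", "SHIB", 1000.0, 10),           # small test transfer before the attack
    (EXPLOITER, "0xHOP1", "ETH", 0.25, 11),                     # intermediate hop
    ("0xHOP1", "0xCEX_DEPOSIT_PLACEHOLDER", "ETH", 0.24, 11),   # lands at a KYC'd exchange deposit
    ("0xUNRELATED", "0xHOP1", "ETH", 5.0, 12),                  # unrelated inflow, must not affect results
]

def inflows(transfers, addr):
    return [t for t in transfers if t[1] == addr]

def mixer_funding_pattern(transfers, addr, mixer, min_count=3):
    """True if addr received min_count or more equal-amount transfers from the mixer."""
    amounts = [t[3] for t in inflows(transfers, addr) if t[0] == mixer]
    return len(amounts) >= min_count and len(set(amounts)) == 1

def trace_to_deposits(transfers, start, deposits, max_hops=4):
    """Breadth-first walk along outgoing transfers; returns {deposit_address: hops} for
    every labelled deposit reached within max_hops (shortest path first, since BFS)."""
    seen, found = {start}, {}
    queue = deque([(start, 0)])
    while queue:
        addr, hops = queue.popleft()
        if hops == max_hops:
            continue
        for _, to, _, _, _ in (t for t in transfers if t[0] == addr):
            if to in deposits:
                found.setdefault(to, hops + 1)
            if to not in seen:
                seen.add(to)
                queue.append((to, hops + 1))
    return found

def days_of_rehearsal(transfers, addr, attack_day):
    """Days between the address's first outgoing transfer and the attack day."""
    days = [t[4] for t in transfers if t[0] == addr]
    return attack_day - min(days) if days else None
```

With an attack day of 18, the constructed data reproduces the eight-day rehearsal window and a two-hop path from the exploiter address to the deposit address.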
