Credential theft
WazirX Cryptocurrency Exchange Hack
Incident Details
On 18 July 2024, $234.9 million in crypto assets was stolen from the Indian exchange WazirX. The theft was attributed to North Korea’s Lazarus Group in a joint US/Japan/South Korea statement in January 2025. The attackers created a fake account, deposited tokens, then manipulated the multisig wallet’s smart contract once three developer signatures had been collected from compromised devices. WazirX suspended withdrawals. The Singapore High Court sanctioned a restructuring scheme in October 2025 returning approximately 85% of funds to users.
Technical Details
- Initial Attack Vector: Lazarus Group (North Korea) compromised the WazirX multi-signature wallet by social engineering developers and manipulating the Safe Wallet front-end; malware replaced legitimate transaction displays to collect hardware wallet signatures.
- Vendor / Product: Liminal Custody (multi-sig wallet infrastructure)
- Malware Family: Safe Wallet front-end manipulation / transaction substitution
Timeline
- 2024-07-18 Breach occurred
- 2024-07-18 Publicly disclosed
- 2024-07-19 Customers notified