WazirX $234M Hack: How North Korea's Lazarus Group Stole from India's Largest Exchange

WazirX $234M Hack: How North Korea's Lazarus Group Stole from India's Largest Exchange

N
News Editor 01
2026-07-08 12:52:22
On July 18, 2024, India's largest crypto exchange WazirX lost $234.9 million (45% of reserves) in a sophisticated attack on a multisig wallet. The North Korean Lazarus Group is suspected. The hack exposed critical flaws in centralized custody, smart contract security, and India's regulatory void.
WazirXHackLazarus GroupCryptocurrency SecurityMultisig

On July 18, 2024, WazirX, India's largest cryptocurrency exchange, suffered a devastating cyberattack that resulted in the theft of approximately $234.9 million in digital assets, wiping out nearly 45% of the platform's reserves. The breach, one of the largest in crypto history, affected millions of users and exposed deep vulnerabilities in centralized exchange security.

Attack Method: Exploiting a Multisig Wallet

The attack targeted a multisignature (multisig) Ethereum wallet jointly managed by WazirX and its custody partner, Liminal. Such wallets require multiple approvals to execute transactions — in this case, four out of six signatures (three from WazirX and one from Liminal). Despite this security measure, hackers executed a sophisticated social engineering and smart contract manipulation attack.

Blockchain analysis revealed that the attackers prepared for eight days, funding their operations via Tornado Cash on July 10, 2024. On July 18, they tricked signatories into approving a malicious smart contract update, effectively handing over control of the wallet. The hackers then drained $234.9 million, including $97 million in Shiba Inu (SHIB) and $53 million in Ethereum (ETH). Post-attack, they converted most stolen assets into ETH and laundered them through Tornado Cash. By September 2024, only about $6 million in traceable ETH remained.

The attack's precision and scale point to the North Korean Lazarus Group, a state-sponsored hacking collective notorious for targeting crypto platforms. Their involvement complicates recovery, as they rarely negotiate with victims or face legal accountability.

Fallout: User Anger and Platform Recovery

WazirX, which serves over 15 million users primarily in India, responded by launching a $23 million bounty program and freezing approximately $3 million in stolen assets. In January 2025, a Singapore court approved its restructuring plan, aiming to resume trading by February 2025. However, the compensation strategy has ignited fierce criticism.

The exchange plans to cap claims at the asset values on the hack date (July 18), ignoring significant price surges — for example, SHIB's value rose from $102 million at the time of the theft to $173 million months later. This has angered investors, especially Bitcoin holders whose funds were not directly affected but still face proportional losses under the “socialized loss” model. Many view the plan as unfair and detrimental to user trust.

Lessons Learned: Security and Regulatory Gaps

The WazirX hack underscores critical vulnerabilities in the crypto industry:

  • Centralization risk: Storing 50% of reserves in a single wallet amplified the damage. Experts recommend distributing assets across multiple wallets and using multi-party computation (MPC) solutions.
  • Smart contract security: Human error in approving a malicious contract was the root cause. Rigorous auditing, emergency circuit breakers, and decentralized custody arrangements could prevent similar incidents.
  • Regulatory vacuum: India's unregulated crypto sector left users with limited recourse. Industry observers urge authorities to establish clear security standards, mandatory audits, and investor protection frameworks.
  • User awareness: Phishing and social engineering played a key role. Investors must verify transaction requests, use hardware wallets for significant holdings, and avoid clicking on suspicious links or using unverified dApps.

What's Next for the Crypto Industry

The WazirX hack may accelerate regulatory action in India, potentially imposing stricter compliance requirements on exchanges. While this could stifle short-term growth, it may also enhance market integrity and investor confidence. The incident has also pushed users toward decentralized finance (DeFi) platforms and self-custody solutions, as the risks of centralized exchanges become more apparent.

For individual investors, the key takeaways remain timeless:

  • Use hardware wallets for long-term storage of significant assets.
  • Diversify holdings across multiple platforms and wallets.
  • Enable two-factor authentication (2FA) and stay vigilant against phishing attempts.
  • Research a platform's security practices and regulatory standing before depositing funds.

The WazirX hack is a stark reminder that in the crypto world, “not your keys, not your coins” remains a fundamental principle. Centralized exchanges must prioritize security, transparency, and user protection to rebuild trust in an increasingly sophisticated threat landscape.

This article was originally published by Bit.Fan. For more cryptocurrency news and market insights, visit www.bit.fan.
100

Disclaimer:

The market information, project data, and third-party content displayed on this platform are for industry information sharing only and do not constitute any form of investment advice or return commitment.

Cryptocurrency trading carries high risks. Users should fully assess their risk tolerance and make independent decisions. All profits, losses, and legal responsibilities are borne by the users themselves.