More than five weeks have passed since the largest crypto heist in India occurred at WazirX exchange, leading to the theft of more than Rs 2000 crores worth of user funds. According to tech analysts, this cyber attack appears to be linked to “Lazarus Group” – an alleged state-backed hacking group from North Korea, known for a number of other similar cyber heists.
Despite significant efforts by local law enforcement agencies and cryptocurrency investigators, little progress has been made in solving the case, owing to North Korea’s isolation as a hostile state and the lack of proactive engagement by Indian authorities with the crypto market. In this complex situation, the still-unidentified WazirX hackers have successfully laundered the stolen funds through the Tornado Cash mixing service.
In this unique article, we’ll try to reconstruct the series of events following the WazirX hack on July 18 and potentially identify the Lazarus Group as the culprits. The individuals under scrutiny in this investigation are among the most sought-after globally, according to the FBI.
What is Lazarus Group?
The Lazarus Group, sometimes referred to as ‘Guardians of Peace’, ‘Hidden Cobra’, ‘Diamond Sleet’, or ‘414 Liaison Office’, is a cybercrime organization linked with the Reconnaissance General Bureau (RGB), the intelligence agency of North Korea, much like the CIA in the U.S. and the KGB in Russia.
The Lazarus Group first attracted notice in 2014 with the cyberattack on Sony Pictures that it is believed to have orchestrated, which led to the public release of substantial quantities of confidential material, including unreleased films, musical compositions, and scripts.
The Lazarus Group was previously known for carrying out ransomware attacks, DDoS assaults, and malicious phishing schemes aimed at data theft or server shutdowns in rival nations such as South Korea and the United States. Since 2017, however, its focus has shifted to cryptocurrency exchanges, with numerous successful heists that have drained the targeted exchanges’ crypto funds on many occasions.
Based on information from the United Nations Security Council and DeFiLlama, it’s estimated that more than 70% of cryptocurrency stolen by hackers with ties to North Korea since 2020 was obtained through manipulating private keys. This makes the Lazarus Group one of the world’s most dangerous Advanced Persistent Threat (APT) groups. The data suggests that North Korea has been involved in over $2.4 billion worth of cryptocurrency thefts since 2020.
How Lazarus Group is Involved in the WazirX Hack
Following the hack on WazirX on July 18, several independent cryptocurrency investigators such as ZachXBT and the cybersecurity firm Cyfirma have suggested that the Lazarus Group could be involved, citing similarities in the attack’s methodology.
According to specialists, the characteristics of this attack – involving phishing tactics, intricate manipulations of multisig, and money laundering via Tornado Cash – align with the Lazarus Group’s past cyberattacks. Notably, blockchain analysts like ZachXBT have pointed out that the WazirX hack bears resemblances to previous operations by the Lazarus Group, such as the Harmony Horizon hack and Atomic Wallet hack.
Security specialists such as Mudit Gupta and ZachXBT found that the attackers had begun testing their tactics at least eight days before the incident, suggesting a carefully orchestrated and deliberate strategy characteristic of the Lazarus Group.
Nischal Shetty, WazirX’s CEO, stated that the recent attack was unlike any other seen on a centralized exchange in its complexity and scale. He suggested that it might not be the work of an ordinary hacker but of a state actor with advanced capabilities. While not excusing the situation, Shetty implied that such a sophisticated attack could happen to any organization, even one employing top-notch security practices.
🚨🇮🇳 In exactly one month from now, it will mark the anniversary of the #WazirX incident that led to the loss of approximately 2000 crores of investor funds.
The Crypto Times spoke with numerous affected investors, who have shared their experiences with us. Today, we bring you a unique perspective on…
— The Crypto Times (@CryptoTimes_io) August 17, 2024
FBI Most Wanted Hackers Behind the WazirX Hack?
Although pinpointing a single culprit for the WazirX hack remains difficult, our investigation has led us to focus on three prime suspects who are known members of the Lazarus Group and who may have orchestrated the large-scale attack on WazirX.
1. Kim Il
Kim Il is a cybercriminal believed to be backed by the North Korean government, suspected of participating in one of the costliest digital heists ever recorded. These cyberattacks, which are said to be orchestrated by him, have reportedly caused harm to various computer systems and resulted in the unlawful acquisition of both conventional and digital funds from multiple victims.
It’s alleged that Kim Il is involved in a larger criminal network of hackers linked to North Korea’s Reconnaissance General Bureau (RGB). This network encompasses various North Korean hacking teams, such as the “Lazarus Group” and Advanced Persistent Threat 38 (APT38), as identified by private cybersecurity experts.
2. Jon Chang Hyok
Jon Chang Hyok is another suspected North Korean government-backed cybercriminal linked to some of the most high-profile and destructive cyber incidents of recent years. Like Park Jin Hyok, Jon is connected with the Lazarus Group, a hacking collective thought to be supported by North Korea’s Reconnaissance General Bureau (RGB). He has been implicated in creating and deploying malicious software aimed at cryptocurrency platforms and various other businesses.
He is in charge of covert activities, including cyber warfare, on behalf of North Korea. He has been charged by the United States District Court, Central District of California, with conspiracy to commit wire fraud, bank fraud, and computer fraud (unauthorized intrusions). A federal warrant for his arrest was issued on December 8, 2020, for his suspected involvement in these conspiracies.
3. Park Jin Hyok
Park Jin Hyok is a North Korean computer programmer. He is most notably associated with the Lazarus Group, a hacking group believed to be sponsored by North Korea’s Reconnaissance General Bureau (RGB), which is its primary intelligence agency.
He has been charged with conspiracy to commit wire fraud, bank fraud, and computer fraud (intrusions) by the United States District Court, Central District of California.
The Sony Pictures cyberattack described earlier led to the leak and dissemination of confidential data belonging to Sony Pictures Entertainment, including unreleased movies and private conversations. The incident is said to have been orchestrated in response to the movie “The Interview,” a comedy depicting an attempt on the life of North Korean leader Kim Jong-un.
Conclusion
Over the past 50 days, numerous events have unfolded around WazirX: its ownership has become the subject of a dispute between its parent company Zettai and Binance, and neither party seems willing to step up and manage the exchange while users clamor for the return of their funds. In the meantime, Zettai has petitioned the Singapore High Court for a moratorium, asking for six months to devise a restructuring plan. Unfortunately, this could result in users losing 43% of their funds due to the recent hacking incident.
Given the latest turn of events, it’s uncertain if various law enforcement bodies looking into the WazirX hack will uncover stronger evidence to charge the Lazarus Group with wrongdoing.
2024-09-06 16:21