Key Points
- North Korea’s Lazarus group is accused by the US, Japan, and South Korea of hacking WazirX, causing a $235 million loss.
- The three governments are increasing their collaborative efforts to counter North Korea’s cyberattacks on the global financial system.
The governments of the United States, Japan, and South Korea have collectively attributed the July 2024 cyberattack on WazirX, India’s biggest crypto exchange, to North Korea’s state-backed hacking group, Lazarus. The hack led to a massive loss of $235 million.
These allegations align with previous findings from blockchain analytics firm Elliptic, which also implicated North Korea in the cyber breach. The governments’ statement underscored the wider threat of North Korea’s cyber activities, emphasizing their impact on the global financial system.
Security Concerns Escalate
The WazirX breach involved the compromising of one of its multisignature wallets, leading to a loss of over 45% of its total cryptocurrency assets. The exchange subsequently suspended all trading and platform operations. This incident prompted a sector-wide reflection.
In November 2024, WazirX’s co-founder, Nischal Shetty, announced plans to restart operations and reimburse affected users by February 2025. The WazirX hack is part of a larger trend that has exposed vulnerabilities in the cryptocurrency sector.
According to a report by the United Nations Security Council in May, North Korea-linked cryptocurrency hacks have pilfered over $3 billion between 2017 and 2023. In 2023 alone, the panel investigated 17 crypto heists, which were valued at over $750 million.
The WazirX breach was the second-largest attack in 2024, only surpassed by a $308 million heist targeting Japan’s DMM Bitcoin exchange in May. Numerous law enforcement agencies, including the FBI and Japan’s National Police Agency, have verified that this attack was also executed by North Korea-affiliated hackers.
The Lazarus Group has also been linked to other significant crypto thefts, including attacks on Upbit ($50 million loss), Radiant Capital ($50 million loss), and Bahrain-based Rain Management ($16.13 million loss). Over 50% of North Korea’s foreign currency earnings in 2024 are believed to have originated from such malicious cyber activities.
Global Collaboration Against Cyber Threats
In response to North Korea’s cyber aggression, the US, Japan, and South Korea are strengthening their cooperation. Their joint efforts include imposing sanctions on DPRK cyber actors, working to recover stolen assets, and improving cybersecurity capabilities across the Indo-Pacific.
The increasing sophistication of state-sponsored hacking groups underscores the urgent need for robust cybersecurity measures in the crypto sector.
