🚨 “The Big Heist: $230 M in Crypto Stolen from WazirX” 🚨

On the night of July 18, 2024, a sophisticated cyber attack shook WazirX, one of the largest exchanges in India. The attackers leaked a multisig wallet, extracted over $230 M in tokens (ETH, USDT, SHIB…) and vanished without a trace .

Forensic evidence attributes the hack to the Lazarus group, linked to North Korea, famous for other million-dollar thefts from exchanges . Quickly, the funds were converted to ETH and sent to Tornado Cash, a mixing tool that makes any trace difficult .

“Most of the stolen assets were moved through Tornado Cash…” 

The digital laundering chain is nearly over: only about $6 M in ETH remains to be mixed .

⸻

📉 Impact and reaction from WazirX

• They froze deposits and withdrawals immediately to stop the fund leak.

• Reports were filed with CERT-In, FIU, and the Indian police, while collaborating with firms like Elliptic and Arkham to trace the movement of funds .

• In January 2025, the High Court of Singapore approved a restructuring plan: issue recovery tokens, distribute 85% of the losses, and establish a legal period of 16 weeks .

⸻

⚠️ Lesson for everyone

1. Not even large exchanges are safe. 🔐

2. Multisig wallets can fail if they don’t have total control.

3. Tools like Tornado Cash complicate the recovery of funds.

4. Regulations and judicial restructurings can recover part of the stolen assets.

⸻

🧠 What will we see in the future?

• More regulatory pressure on mixers like Tornado Cash.

• Reinforcement of security and control standards in exchanges.

• Users may value personal custody and decentralized services more.