WazirX’s Massive Crypto Heist: $230 Million Gone

Ever had one of those days where everything seems to go haywire? Now, imagine that on a global scale. On Friday, the digital world experienced what can only be described as a tech catastrophe of epic proportions. Computers were stuck with the dreaded “blue screen of death” — that bright blue error screen that pops up when Windows crashes or can’t load.

The culprit? A seemingly innocent yet faulty update from CrowdStrike, a cybersecurity firm that’s usually busy warding off malicious cyberattacks.

The outage resulted from a defect in a software update for its security product, Falcon Sensor. While your home computer was probably fine, this outage hit businesses hard. It caused any Windows computers with Falcon installed to crash without fully loading, disrupting everything from flights to TV broadcasts. Airports jam-packed with stranded travelers, banks and hospitals feeling the heat, and streaming services suddenly out of service — all thanks to a glitchy update that played havoc with Microsoft’s Windows.

CrowdStrike has identified the problem and deployed a fix. Hopefully, we’ll see fewer global tech blunders like this in the future. But these incidents really make us think about how scarily dependent we’ve become on digital systems. Does this mean it’s time to have a backup plan that doesn’t rely on tech for when things go awry next time? It’s kind of funny how tech problems are making us think about going old school!

WazirX’s Massive Crypto Heist: $230 Million Gone

In another digital disaster, WazirX lost over $230 million (at least ₹1,900 crores) worth of crypto assets — nearly half of its reserves — to a hack attack. The hackers are already offloading these assets for illegal activities, and some analysts think they know who’s behind it.

How did WazirX lose all that crypto? It started with a special type of wallet called a multisignature or multisig wallet, where crypto assets are kept extra secure. This wallet needs multiple keys or passwords to open. For WazirX, it required three keys from their end plus a final approval from Liminal, a company that specializes in storage and wallet services for virtual assets.

Here’s where the hackers got sneaky. They tampered with the “payload,” the data sent for approval during a transaction. This move, known as a “transaction manipulation attack,” involves changing the transaction details, like the amount being transferred or the recipient’s account. By manipulating this data, the hackers managed to redirect control or funds to themselves.

Reports from Elliptic, a blockchain analytics firm, and other cybersecurity researchers believe that the infamous North Korean criminal organization Lazarus is behind the attack. They’ve tracked the stolen assets being sold off, and all signs point to Lazarus.

Lazarus, a North Korean state-sponsored group, is known for pulling off some of the biggest crypto heists ever. They were behind the massive $600 million theft from the Ronin Network, a blockchain platform designed for games like Axie Infinity.

Linking Lazarus to this heist makes sense because North Korea has turned to crypto theft to sustain its economy. Severe sanctions imposed by the United Nations, the US, and other countries to curb its nuclear weapons program have hit North Korea’s economy hard. Despite this, the country continues to push forward with its nuclear and missile technology, feeling threatened by major powers like the US and its allies. To support its economy and nuclear ambitions, North Korea uses crypto heists, as cryptocurrencies can be laundered more easily and aren’t affected by trade sanctions.

A UN report reveals that North Korea’s malicious cyber activities generate around half of its foreign currency income, possibly earning about $3 billion between 2017 and 2023, covering 40% of the cost of weapons for its mass destruction programs.

Even with Lazarus suspected of being behind the heist, WazirX is determined to recover its stolen assets. But recovering funds from such high-profile cases is notoriously tough, so we’ll have to wait and see how this mystery unfolds.