Indian cryptocurrency exchange WazirX has reported a significant security breach and announced that it is currently investigating the incident, which has led to a temporary suspension of both Indian rupee (INR) and cryptocurrency withdrawals.
The exchange has communicated to its users that it is working to address the issue and will provide updates as the situation evolves. The suspension of withdrawals is a precautionary measure to safeguard user assets.
Crypto researcher ZachXBT has traced the breach back to an address linked to a known hacking group.
1/ So I began tracing the $230M+ WazirX hack back from the original exploiter address and was able to make some interesting observations. https://t.co/gLHu05sXWZ pic.twitter.com/eFRNdLtACB
— ZachXBT (@zachxbt) July 18, 2024
By analyzing token transfers through various Ethereum addresses and mixers, he suspects that the Lazarus Group, a notorious North Korean hacking collective, might be involved in the attack.
ZachXBT has also identified a KYC-verified deposit address associated with the exploit, though he notes that such accounts can be easily acquired on the black market, which may complicate the investigation.
Arkham Intelligence has confirmed that ZachXBT’s findings, including the identification of the KYC-linked address, meet the criteria for their bounty. This information will be shared with WazirX as part of their ongoing investigation into the breach.