Blockchain data analysts believe that the exploit involving India’s WazirX exchange, which led to over $200 million in losses, was conducted by North Korean hackers. 

On July 18, WazirX paused withdrawals for crypto and Indian rupees (INR) after reports of a hack began circulating online. Web3 security firm Cyvers flagged that an unauthorized actor had moved about $234.9 million in digital assets from the Safe Multisig wallet to a different address.

Onchain analysts tie $235M Indian exchange exploit to North Korean hackers image 0 Crypto assets lost in the WazirX breach. Source: Elliptic

The wallet contained more than 200 different digital assets, including Shiba Inu ( SHIB ), Ether ( ETH ), Tether ( USDT ), Polygon ( MATIC ), PEPE ( PEPE ), Floki ( FLOKI ) and many others.

Onchain analysts tie $235M Indian exchange exploit to North Korean hackers image 1 Source: Tarun Mangukiya

Tarun Mangukiya, the co-founder of payment platform Copperx, believes that the hackers may have tricked WazirX into upgrading its Safe Implementation Skeleton with a phishing smart contract in the last eight days. Mangukiya speculated that the WazirX team signed a random transaction which led to the exploit.

$235 million exploit tied to North Korean hackers

In an initial analysis, blockchain forensics firm Elliptic said that their data led them to believe that the hack was conducted by hackers tied to North Korea. An Elliptic representative told Cointelegraph that:

“The North Korea attribution is based on analysis of the on-chain transactional behavior and other information. There are certain patterns and techniques that are characteristic of this type of actor.”

Apart from Elliptic, crypto investigator ZachXBT also drew similar conclusions. After tracing the WazirX hack back from the original exploiter address, the blockchain investigator said on X that the hack “has the potential markings of a Lazarus Group attack.”

The Lazarus Group is an infamous North Korean criminal organization known for its cyber exploits, with attacks dating back to 2010. The group started terrorizing the crypto space in 2017 and is determined to be behind some of the biggest exploits within crypto, including the $600 million Ronin Bridge incident.

Related: Lazarus is moving millions from $305M DMM Bitcoin hack — ZachXBT

Shiba Inu memecoin prices fell 10%

Over $100 million worth of SHIB tokens were taken during the hack, affecting prices for the digital asset. Blockchain analysis platform Lookonchain flagged that the attackers have already begun swapping SHIB assets for ETH.

Onchain analysts tie $235M Indian exchange exploit to North Korean hackers image 2 Shiba Inu’s 24-hour price chart. Source: CoinGecko

The hackers sold 35 billion SHIB tokens worth $618,000 and still hold about $95 million in tokens. Since the hack, the dog-themed memecoin’s price dropped by 10% .

Magazine: Meet the hackers who can help get your crypto life savings back