WazirX Hack Update: New Developments on Suspects from Lazarus Group

Sep 6, 2024
  1. Who is Lazarus Group?
  2. Lazarus Group's Involvement in the WazirX Hack
  3. FBI Most Wanted Hackers Behind WazirX Hack

It has been over 50 days since India's biggest crypto hack, the WazirX exchange hack, which resulted in the theft of over Rs 2000 crores of user funds. According to technical analysts, the cyber attack bore the footprints of the infamous “Lazarus Group”, a state-sponsored cybercrime organization of North Korea that has several similar hacks to its credit.

Who is Lazarus Group?

The Lazarus Group, also known by other names such as ‘Guardians of Peace’, ‘Hidden Cobra’, ‘Diamond Sleet’ and ‘414 Liaison Office’, is a cybercrime group associated with the Reconnaissance General Bureau (RGB), the state intelligence agency of the Democratic People’s Republic of Korea (DPRK), akin to the CIA of the U.S. and the KGB of Russia. The Lazarus Group first gained attention after it allegedly hacked Sony Pictures in 2014 and leaked large amounts of data, including unreleased movies, songs and scripts. Since 2017, the group has targeted cryptocurrency exchanges, stealing huge amounts of crypto funds, which has often resulted in the insolvency of the targeted exchange. According to data from the United Nations Security Council (UNSC) and DeFiLlama, over 70% of the cryptocurrency lost to North Korean-linked hacks since 2020 was taken through private key exploits.

Lazarus Group's Involvement in the WazirX Hack

A few days after the July 18 WazirX hack, various independent crypto sleuths like ZachXBT and the cybersecurity firm Cyfirma pointed fingers at the Lazarus Group, given the modus operandi of the attack. Experts claim that the nature of the attack, including the use of phishing techniques, complex multisig manipulations, and laundering of the stolen money through the mixer tool Tornado Cash, is consistent with the Lazarus Group’s previous hacks. Blockchain researchers noted that the WazirX hack shares similarities with past Lazarus Group operations, such as the Harmony Horizon hack and the Atomic Wallet hack.

“No one has seen such a sophisticated attack ever on a centralized exchange. It’s not a fly-by-night operator or hacker, it’s really a state actor who has carried out this attack with extreme sophistication.”
Nischal Shetty, CEO of WazirX

FBI Most Wanted Hackers Behind WazirX Hack

Here are three suspects who might be involved in this hack:

  1. Kim Il
     Kim Il is a state-sponsored hacker from North Korea, reportedly involved in one of the most expensive cybercrime conspiracies in history, including the theft of both traditional and virtual currencies.
  2. Jon Chang Hyok
     Jon Chang Hyok is another alleged North Korean state-sponsored hacker involved in some of the most notorious and damaging cyberattacks in recent history.
  3. Park Jin Hyok
     Park Jin Hyok is a North Korean computer programmer associated with the Lazarus Group. He has been charged with conspiracy to commit wire fraud, bank fraud, and computer fraud (intrusions).

It has been over a month since the WazirX hack, and users have realized that the exchange’s ownership is under dispute between its parent company Zettai and Binance. Neither of them is willing to take responsibility for the exchange. Meanwhile, Zettai has approached the Singapore High Court seeking a six-month moratorium to develop a restructuring plan for user funds, of which 43% were lost to the hackers.
