How was WazirX crypto exchange hacked?

WazirX, a cryptocurrency exchange from India, was hacked yesterday, and a whopping $230M worth of crypto has been transferred from its wallets.

How did this WazirX hack happen?

The hackers went for their multisig wallets. In fact, the hackers had already started testing out various strategies to hack the wallets 9 days ago and executed them yesterday.

It was an organized attack and is said to have originated from North Korea.

The hack happened through phishing links or software that was somehow installed by WazirX developers. The hackers upgraded the multisig wallet to a malicious one that allowed them to gain access to millions of dollars' worth of cryptocurrencies.

However, the hackers did not have access to all the required private keys and were solely dependent on signature phishing that, unfortunately, cannot be done without getting caught.

That said, they did have access to two out of four private keys. They used these private keys to generate two more signatures and were then able to send a successful transaction to upgrade the multisig to a malicious contract that would transfer all the funds to them.
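A signer-side check that would refuse the kind of request described above, as an added example that is not from the original article or from WazirX. It assumes a simplified transaction format (a dict instead of contract calldata), and every name and allowlist in it is constructed for illustration.

```python
import hashlib
import json

# Simplified model (assumption): a wallet request is a dict with an action and
# its arguments. Real multisig wallets encode this as contract calldata.
APPROVED_IMPLEMENTATIONS = {"impl-v1"}    # constructed allowlist
WITHDRAWAL_ALLOWLIST = {"hot-wallet-1"}   # constructed allowlist

def payload_digest(tx: dict) -> str:
    """Digest over canonical JSON; stands in for the hash a signer's key commits to."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).hexdigest()

def review_before_signing(displayed: dict, payload: dict) -> list[str]:
    """Return reasons to refuse; an empty list means the request passes policy."""
    findings = []
    # Check 1: the bytes to be signed must match what the signing UI showed.
    if payload_digest(displayed) != payload_digest(payload):
        findings.append("payload differs from what the signing UI displayed")
    # Check 2: judge the decoded payload itself, never the description of it.
    action = payload.get("action")
    if action == "upgrade":
        if payload.get("new_implementation") not in APPROVED_IMPLEMENTATIONS:
            findings.append("upgrade to an implementation that is not approved")
    elif action == "transfer":
        if payload.get("to") not in WITHDRAWAL_ALLOWLIST:
            findings.append("transfer to a destination that is not allowlisted")
    else:
        findings.append(f"unknown action {action!r}")
    return findings

# Constructed sample requests.
ROUTINE = {"action": "transfer", "to": "hot-wallet-1", "amount": 10}
SHOWN = {"action": "transfer", "to": "hot-wallet-1", "amount": 1}
PHISHED = {"action": "upgrade", "new_implementation": "impl-unknown"}

if __name__ == "__main__":
    print("routine:", review_before_signing(ROUTINE, ROUTINE))
    print("phished:", review_before_signing(SHOWN, PHISHED))
```

Each signer has to run this check independently on their own device, because a multisig threshold only adds protection when the signatures come from separate reviews of the same payload.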

Hacked funds went to North Korea

How do we know that these hackers were from North Korea? Well, while there is no concrete proof, all the evidence shows that North Korean hackers were behind this WazirX hack. This is simply how they operate and execute hacks. This hack has a striking similarity to other known crypto hacks.

Funds recovery

How would the innocent people get their money back? After all, all this crypto stored on the exchange belongs to the people. There is a strong chance that the crypto exchanges will freeze the funds if the hackers send them their way. That said, there is little chance of complete recovery, as they might use Bitcoin and Ethereum mixing services to fool the exchanges.