BOOTY OR BOUNTY? A $230 million exploit of the Indian crypto exchange WazirX got blockchain sleuths pointing fingers at North Korea-linked hackers, and various parties blaming each other for the security lapse. The funds were allegedly stolen from a WazirX multisignature wallet, or “multisig“– one that requires two or more private keys to execute a transaction. “Despite us taking all necessary steps to protect the customer assets, the cyber attackers appear to have possibly breached such security features, and the theft occurred,” the exchange wrote in a preliminary report. WazirX identified the multisig wallet’s provider as crypto custody firm Liminal in a follow-up post, hours after the initial confirmation. It later deleted the post, and Liminal said in a blog post that “there is no breach in Liminal’s infrastructure, wallets and assets.” The loot included shiba inu (SHIB) tokens along with ETH, MATIC, PEPE and USDT. A gallows-humor-meets-geekdom moment arrived when blockchain records appeared to show that the exploiter had created a token called “WazirX Hacker Sends His Regards.” The exchange filed a police complaint, and the matter is under investigation. But as of Friday, tokens on WazirX were trading at deep discounts to their prices on other global crypto exchanges, a sign of immense local selling pressure. Earlier this week WazirX announced that it would pay a bounty of as much as $23 million, or 10%, to the hacker in exchange for the return of the funds. On a running blog post chronicling the incident day-by-day, WazirX updated that it’s now “actively contacting projects associated with the stolen tokens to seek their support in the recovery process.” One poster on X responded by noting that the looter had apparently already “converted almost all of the stolen crypto to ETH,” inquiring, “Don’t you think it’s too late?“
