North Korean hackers responsible for $235 million WazirX breach, say US, South Korea

North Korean hackers were behind the $235 million security breach that happened at Indian cryptocurrency exchange WazirX, according to a statement by the United States and South Korea.

The joint statement cautioned that North Korea-affiliated groups, including the Lazarus Group, continue targeting cryptocurrency exchanges, digital asset custodians, and individual users to steal funds.

This marks the first official statement from the countries attributing the cyberattack to hackers based in North Korea.


It warned that these hackers pose a significant threat to the international financial system, with the stolen assets allegedly being used to fund North Korea’s illicit weapons of mass destruction and ballistic missile programmes.

The US and South Korean governments also attributed a $50 million theft from crypto platform Radiant Capital to North Korea.

While Japan is also part of the joint statement, the claims regarding WazirX and Radiant Capital were specifically made by the US and South Korea.

“The DPRK’s cyber program threatens our three countries and the broader international community and, in particular, poses a significant threat to the integrity and stability of the international financial system,” the statement noted.

It further revealed that North Korean groups were responsible for stealing tokens from multiple exchanges, including DMM Bitcoin ($308 million), Upbit ($50 million), and Rain Management ($16.13 million).

The breach at WazirX in July 2024 was the largest cyberattack on an Indian cryptocurrency exchange, targeting one of its multisig (multi-signature) wallets. Hackers stole nearly half of the platform's estimated reserves, leading to the suspension of deposits and withdrawals.

On July 29, ET reported that the US intelligence agency Federal Bureau of Investigation (FBI) reached out to WazirX to analyse the cyberattack and assist with the investigation.

WazirX cofounder Nischal Shetty had also commented, “We’re convinced it could be the (North Korea’s) Lazarus Group.”

Also, the three governments stated that they are collaborating to prevent thefts, including those targeting private industries, and to recover stolen funds, aiming to block North Korea from securing illicit revenue for its weapons of mass destruction and ballistic missile programs.