Indian Authorities Detain Suspect Linked to $230M WazirX Hack

Police in India have reportedly taken a suspect into custody in connection with the high-profile attack on the WazirX crypto exchange.

The individual’s capture comes almost four months after the incident, which resulted in the loss of more than $230 million worth of crypto, was first reported.

Two Suspects Identified

According to local news sources, the arrest was carried out in the East Midnapore district of West Bengal. The suspect, identified as SK Masud Alam, is alleged to have set up an account on WazirX under the alias “Souvik Mondal,” later selling it on Telegram to an accomplice named M. Hassan.

Alam’s alleged partner in crime is said to have used the account as a conduit for launching the attack on the Mumbai-based exchange, targeting its crypto storage systems.

Detectives from the Intelligence Fusion and Strategic Operations (IFSO) division of the Delhi Police, who conducted the investigations, revealed that the suspects first breached the platform’s hot wallet. They then attempted to compromise its cold storage wallet, which is typically more secure because it is stored offline.

To unravel the complex transaction trail surrounding the theft, the sleuths confiscated three laptops used by the key signatories of the exchange’s multi-sig wallets. The law enforcement officers are keen to determine how they were potentially exploited or bypassed during the attack.

Alam’s charge sheet, reported by India Today, outlined the challenges investigators faced in their pursuit of the perpetrators, especially regarding the lack of cooperation from Liminal Custody, which had been responsible for securing WazirX’s wallets.

According to authorities, Liminal failed to provide crucial information despite repeated requests, raising questions over its adherence to security protocols and operational transparency. Further, the detectives suggested that the crypto custodian’s role in the WazirX breach may be subject to additional scrutiny as new findings emerge.

Unlike Liminal, the report noted that WazirX has so far offered full cooperation in the probe, providing police with key data, including know-your-customer (KYC) details and comprehensive transaction logs. Authorities say these have been instrumental in reconstructing the events leading to and after the incident.

Findings Differ From Forensic Analysts’ Claims

Alongside law enforcement, WazirX roped in several blockchain forensic experts to help identify the people responsible for the breach.

Some analysts had previously claimed that North Korean hackers were behind the WazirX job. Elliptic, an on-chain diagnostic firm, said its analysis of the patterns and techniques in the exploit pointed towards the involvement of North Korean actors.

Renowned crypto investigator ZachXBT echoed these sentiments, claiming in a July 18 post on X that the attack had “the potential markings of a Lazarus Group attack.”

The outfit, linked to the regime in Pyongyang, has been accused of stealing more than $3 billion from the crypto industry in the last six years, including $600 million from the Ronin Bridge.