 |
WazirX hackers were preparing for the $235 million theft eight days before it happened.
According to Polygon Labs’ head of security, the hackers behind the $235 million WazirX cryptocurrency exchange breach began preparing for the on-chain breach at least eight days ago.
WazirX, one of India’s largest cryptocurrency exchanges, lost hundreds of millions of dollars in a multi-signature wallet hack on Thursday, July 18. The hack is believed to have been carried out by the North Korean hacking group Lazarus Group.
Polygon Labs’ chief information security officer, Mudit Gupta, said the hackers began “practicing” the hack on-chain more than a week before launching the attack.
In a July 18 post to X, Gupta explained that it started with hackers upgrading multisig to a malicious version that was later leaked.
Tarun Mangukiya, co-founder of payments platform Copperx, believes that hackers may have tricked WazirX into upgrading its security implementation framework.
“Why upgrade instead of just draining it?” Gupta asked.
“Draining takes time and multiple transactions. They likely didn’t have access to all the private keys they needed, and they would have had to rely on signature phishing, which can’t be caught without doing it multiple times.”
In a follow-up post to X, WazirX described the attack as a “force majeure event beyond our control.”
“We have already blocked some deposits and have contacted the relevant wallets for recovery,” he added.
The exchange announced a temporary freeze on withdrawals immediately following the hack.
India’s Crypto Sector Takes a Breath for Tax Cuts
Elsewhere in India, the crypto industry is also desperate for relief from the country’s stringent crypto tax regulations, with Finance Minister Nirmala Sitharaman set to present the federal budget for the next fiscal year on July 23.
India is set to impose one of the world’s harshest tax regimes on cryptocurrencies starting in 2022, imposing a flat 30% capital gains tax on profits made from digital assets, including non-fungible tokens (NFTs).
Additionally, cryptocurrency transactions are subject to a 1% withholding tax (TDS).
The Indian cryptocurrency sector has been demanding a reduction in the TDS rate to 0.01% in the upcoming budget.
Sumit Gupta, CEO of CoinDCX, an exchange that participated in the preliminary budget talks, says the adjustment is crucial to recovering business that has shifted to overseas exchanges due to the current heavy taxes.
“We have also requested that the TDS rate be reduced from 1 per cent to 0.01 per cent,” Gupta said in a statement shared with the magazine.
We also asked for the capital gains tax rate to be lowered from 30% to the actual (income bracket) of the assessee.”
According to a recent report by the National Academy of Legal Research (NASLAR), since Sitharaman introduced these tax measures in her 2022 budget speech, Indian cryptocurrency exchanges have been in a steep decline, with trading volumes plummeting by 97% and active users dropping by 81%.
According to a study by NASLAR, the decline in activity at India’s major exchanges is costing the country’s finances about $700 million (59 billion Indian rupees) in tax revenue.
According to a study, reducing the TDS rate to 0.01% has the potential to double the country’s tax revenue in the coming fiscal year.
So far, India has maintained a somewhat warm and cold relationship with cryptocurrencies, while maintaining a positive outlook on the potential of blockchain technology.
The industry’s growth hit a wall in 2018 when the Reserve Bank of India banned financial institutions from providing services to cryptocurrency businesses. The ban was overturned by the Supreme Court in 2020.
Arrests on the rise in Hong Kong for allegedly buying fake cash in USDT scam
Hong Kong authorities have arrested three more suspects on charges of selling counterfeit banknotes in exchange for the stablecoin Tether (USDT).
Local media reported on July 15 that a 44-year-old businessman was tricked into transferring US$399,000 (HK$3.11 million) worth of USDT.
The businessman then received three bundles of 1,000 Hong Kong dollar notes with the counterfeit notes sandwiched between the real ones.
The suspects met the victim at a hotel in Tsim Sha Tsui, a major shopping district, and then took the victim to Mong Kok to finalize the transaction. It takes about 10 minutes by car to get to Mong Kok.
Police have detained three suspects, one woman and two men, on suspicion of obtaining property by fraud and possessing counterfeit banknotes. If convicted, they could face between 10 and 14 years in prison.
This case is strikingly similar to one in April 2024 where the victim was scammed out of US$128,000 (HK$1 million).
The incident involves “hell notes,” unofficial paper money burned during traditional ancestor worship ceremonies, representing offerings to ancestors in the afterlife.
Also read
characteristic
What Happened in 1971 (And Why It Matters Now)
characteristic
Bitcoin in Senegal: Why Is This African Country Using BTC?
A 35-year-old man was seen stacking up these “hell notes” in exchange for USDT at a Tsim Sha Tsui store. However, the people he claimed were scammers refused to hand over the notes and ran away.
Local media reported that three suspects were arrested and 3,000 Hellnotes were confiscated in May (a month after the victim reported the incident to police).
According to local media, counterfeit fiat currency fraud is on the rise in the city. From January to April 2024, police seized $326,130 worth of counterfeit bills.
Insider Crypto Trading Could Lead to Life in Prison in South Korea
South Korea’s Cryptocurrency Investor Protection Act officially goes into effect on Friday, July 19.
The ‘Virtual Asset User Protection Act’, which came into effect on July 18, 2023, aims to protect the assets of cryptocurrency investors and prohibit unfair trading practices.
This law requires that users’ deposits be kept in a regulated financial institution, separate from the company’s funds. To further protect users’ assets, this law requires that a significant portion of these assets (at least 80% of their economic value) be stored offline, such as in a cold wallet.
Cryptocurrency businesses should also take steps to cover potential liabilities that may arise from hacks or system failures, including by purchasing insurance or setting aside reserves that must cover at least 5% of the economic value of assets not stored offline.
This law prohibits activities such as trading (insider trading), market manipulation, and using nonpublic information for fraud. Violators may face severe penalties, including criminal prosecution and fines.
Criminal penalties can include a minimum of one year in prison and a fine of three to five times the amount of illegal gain. If the illegal gain exceeds $3.6 million (5 billion won), the maximum penalty is life imprisonment and a fine of twice the amount of illegal gain.
Also read
characteristic
Tim Draper’s ‘Strange’ Rules for Successful Investing
characteristic
Crypto Kids Fight Facebook for the Soul of the Metaverse
Hackers Transfer Stolen Cryptocurrency to Markets Linked to Cambodian Prime Minister’s Family
North Korea’s Lazarus Group is accused of laundering at least $35 million worth of USDT from Tron through Cambodian online marketplace Huione Guaranty so far this month.
Blockchain sleuth ZachXBT linked these laundered funds to $305 million worth of Bitcoin stolen from Japanese cryptocurrency exchange DMM in late May, one of the biggest breaches of the year.
According to ZachXBT, off-chain metrics and money laundering techniques make the Lazarus Group the primary suspect behind the DMM hack.
Huione Guarantee is a multi-billion dollar marketplace owned by Huione Group, which also operates the forex business Huione Pay.
According to an investigation by blockchain forensics firm Elliptic, Hun To, a cousin of Cambodian Prime Minister Hun Manet, is believed to be one of the directors of Huione Pay.
Hun To was accused of money laundering and drug trafficking by Australian authorities 10 years ago. Hun To denies the charges.
In a separate report on July 15, Reuters said Huionepay had received about $150,000 from North Korean hackers.
Citing blockchain analysts, Reuters claimed that Huione Pei received funds from an anonymous digital wallet that Lazarus used to deposit assets stolen from three other cryptocurrency companies.
Subscribe
The most interesting articles on blockchain, delivered once a week.
Yoon Yohan
Yohan Yoon is a multimedia journalist covering blockchain since 2017. He has contributed as an editor to Forkast, a cryptocurrency media outlet, and has covered Asian technology stories as an assistant reporter for Bloomberg BNA and Forbes. In his free time, he enjoys cooking and experimenting with new recipes.