Latest news with #LazarusGroup


Arabian Post
14-06-2025
- Business
- Arabian Post
WazirX Offers Partial Repayment Amid Court‑Mandated Restructuring
WazirX has unveiled a revised restructuring plan under Singapore High Court oversight that proposes to repay approximately 85% of users' pre‑hack balances, while the remaining 15% would be settled over time through a Recovery Token (RT) mechanism. A final court decision is expected by 20 June, setting the stage for ensuing repayments.

A hack on 18 July 2024 led to the theft of nearly US $235 million from the exchange's wallets, widely attributed to North Korean Lazarus Group operatives. WazirX parent company Zettai Pte Ltd subsequently secured a moratorium in Singapore and initiated a formal Scheme of Arrangement allowing creditors to vote on recovery proposals. By April, rebalancing of assets was completed, enabling the exchange to present each affected user's USD and INR valuations based on their 18 July 2024 holdings. Around 93% of creditors voted in favour of this plan in April, far exceeding the 75% threshold required by law.

Under the scheme, the initial payment, estimated at 85% of the original holdings, would be disbursed in either the original asset or USDT within ten business days of court approval. The remaining 15% would be issued as RTs, tradable tokens redeemable via quarterly buybacks funded from WazirX's profits or recovered assets. Risks remain, however: if creditors reject the plan, the court may order liquidation under Section 301 of the Singapore Companies Act. That scenario could trigger asset fire‑sales, reducing recovery potential and extending the timeline until 2030.

Community reaction is mixed. Many users have expressed doubts over the exchange's transparency and the partial compensation model. Subreddits suggest a collective legal response is forming in Kerala and beyond. One user asserted: 'If anyone still believes that WazirX will return our funds without us taking any action — that hope is gone after yesterday's court decision.'

Meanwhile, creditor‑activist voices have argued the restructuring represents a better outcome than liquidation. As one FTX creditor remarked, it is 'far superior to liquidation' for preserving value. CoinSwitch has also launched a parallel initiative named CoinSwitch Cares, offering affected users a potential path to full recovery, up to ₹600 crore, with added incentives for sign‑ups and referrals. However, that scheme depends on WazirX restoring withdrawal functionality.

The Singapore High Court's deadline of 20 June will determine whether the court grants final sanction to WazirX's Scheme of Arrangement. Should it proceed, initial disbursements would begin between late June and July. If it is rejected, WazirX would head into liquidation, triggering a protracted, uncertain payout stretching possibly until 2030, with potentially deep losses.

WazirX's recovery architecture combines immediate restitution with long‑term tools designed to align creditor outcomes with the firm's future performance. The RT buyback mechanism underscores this approach, offering users potential upside linked to the exchange's profitability and asset recovery. Users must act to verify claims through WazirX's Claim Tracker, accept the rebalanced valuations, and monitor further updates. Approval hinges on the court's formal order and the willingness of creditors to embrace a controlled, phased repayment versus the uncertain prospects of full liquidation.


Hans India
06-06-2025
- Business
- Hans India
From Trust to Turmoil: The WazirX Saga and the Imperative for Accountability in Crypto Exchanges
By Vikram Subburaj, CEO, Giottus Crypto Platform

In the annals of crypto history, the WazirX debacle stands as a stark reminder of the perils inherent in centralized exchanges operating without stringent oversight. The July 2024 hack, widely attributed to the notorious Lazarus Group, resulted in the loss of approximately $230 million and left over 4.4 million users in a dire situation. The subsequent legal proceedings have been protracted, and the court is now reviewing a creditor-backed scheme under which users would recover roughly 85% of their pre-hack balances. While this plan has garnered support from 93% of creditors, the remaining 15% of assets remains unresolved, and there is no known timeline for full restitution.

Accountability: A Non-Negotiable Mandate
Exchanges must be held to the highest standards of accountability, especially in an emerging sector like crypto. The WazirX incident underscores the necessity for exchanges to have robust security protocols, transparent operations, and contingency plans to protect user assets. The lack of timely communication compounded the problem, eroded user trust and highlighted systemic vulnerabilities.

Regulatory Clarity: The Need of the Hour
The absence of clear regulatory frameworks exacerbates the challenges faced during such crises. India's much-awaited crypto regulations are expected to draw from global standards set by the IMF and FSB. The Union Ministry of Economic Affairs is also working on a crucial concept paper. The regulations will aim to establish a more secure and transparent environment for digital asset trading. As of now, all reputable exchanges in India mandate stringent KYC/AML procedures and regular audits. The regulations may also introduce capital adequacy norms to ensure exchanges can withstand financial shocks such as the WazirX loss.

Proactive Measures for Users: Navigating Future Crises
In light of such incidents, users must adopt a proactive stance to safeguard their investments:
- Due Diligence: Before engaging with an exchange, assess its security infrastructure, regulatory compliance, and historical performance.
- Self-Custody: Use hardware wallets or other secure storage solutions to retain control over your assets.
- Stay Informed: Regularly monitor official communications from exchanges and regulatory bodies to stay abreast of developments.
- Legal Recourse: In the event of fund loss, promptly consult legal experts to explore avenues for restitution.
- Community Engagement: Join user groups and forums to share information, coordinate actions, and amplify collective concerns. However, be wary of alarmist social media messages that could drive users to panic. Rely on respected and reliable sources before you act.
- Diversification: Avoid concentrating assets in a single platform or asset class to limit risk exposure.

The WazirX episode serves as a cautionary tale, and it emphasises the critical need for accountability, regulatory clarity, and user vigilance in the crypto ecosystem. As the industry matures, stakeholders must collaborate to build a resilient infrastructure that prioritises the security and trust of its users.


Tahawul Tech
02-06-2025
- Business
- Tahawul Tech
Malicious packages are threatening software supply chains
Kaspersky's Global Research and Analysis Team (GReAT) reported that by the end of 2024 a total of 14,000 malicious packages had been found in open-source projects, a 48% increase compared to the end of 2023. Kaspersky examined 42 million versions of open-source packages throughout 2024 in search of vulnerabilities and malicious code.

Open source is software whose source code anyone can inspect, modify, and enhance. Popular open-source package ecosystems include Go modules, Maven, NuGet, npm, PyPI and others. Their registries and package managers let developers easily find, install, and manage pre-built code libraries, making it simpler to build software by reusing code others have written. Attackers take advantage of exactly that convenience.

In March 2025, the Lazarus Group was reported to have published several malicious npm packages, which were downloaded multiple times before removal. These packages contained malware to steal credentials and cryptocurrency wallet data and to deploy backdoors, targeting developers' systems across Windows, macOS, and Linux. The attack used GitHub repositories for added legitimacy, highlighting the group's sophisticated supply chain tactics. Kaspersky's GReAT also found other npm packages related to this attack. Had they been integrated into web development, cryptocurrency platforms, or enterprise software, the packages could have caused widespread data theft and financial losses.

In 2024, a sophisticated backdoor was discovered in XZ Utils versions 5.6.0 and 5.6.1, the compression utilities and liblzma library shipped by most Linux distributions. Inserted by a trusted contributor, the malicious code targeted OpenSSH servers on distributions whose sshd links libsystemd (and through it liblzma), giving the holder of the attacker's key remote command execution and threatening countless systems globally. It was detected before widespread exploitation because a developer investigated performance anomalies during SSH logins, and the incident highlighted the dangers of supply chain attacks. XZ Utils is integral to operating systems, cloud servers, and IoT devices, making its compromise a threat to critical infrastructure and enterprise networks.

In 2024, Kaspersky's GReAT discovered that attackers had uploaded malicious Python packages such as chatgpt-python and chatgpt-wrapper to PyPI, mimicking legitimate tools for interacting with ChatGPT APIs. These packages, designed to steal credentials and deploy backdoors, capitalised on the popularity of AI development to trick developers into downloading them. They could have ended up in AI development, chatbot integrations, and data analytics platforms, endangering sensitive AI workflows and user data.

'Open-source software is the backbone of many modern solutions, but its openness is being weaponised. The 50% rise in malicious packages by the end of 2024 shows attackers are actively embedding sophisticated backdoors and data stealers in popular packages, which millions rely on. Without rigorous vetting and real-time monitoring, a single compromised package can trigger a global breach. Organisations need to secure the supply chain before the next XZ Utils-level attack succeeds,' comments Dmitry Galov, Head of Research Centre for Russia and CIS at Kaspersky's Global Research and Analysis Team.

To stay safe, Kaspersky recommends:
- Use a solution for monitoring the open-source components you use, so that threats hidden inside them are detected.
- If you suspect that a threat actor may have gained access to your company's infrastructure, use the Kaspersky Compromise Assessment service to uncover any past or ongoing attacks.
- Verify package maintainers: check the credibility of the maintainer or organisation behind the package. Look for a consistent version history, documentation, and an active issue tracker.
- Stay informed on emerging threats: subscribe to security bulletins and advisories for the open-source ecosystem. The earlier you know about a threat, the faster you can respond.
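The recommendations above (monitor the open-source components you use, verify maintainers and version history) can be partly automated before a package ever reaches a build machine. The script below is an added example written for this page; it is not Kaspersky's tooling or any project's own code. It audits registry documents of the shape returned by `npm view <package> --json` for three red flags shared by the npm and PyPI cases in the article: lifecycle install hooks that run code at `npm install` time (a common way a malicious package executes without ever being imported), a name within a couple of edits of a well-known package (the chatgpt-python style lookalike), and a very recent first-publish date. The sample documents, the package names `lodsah` and `fast-native-sum`, and the short allowlist of popular names are constructed for the example.

```python
"""Offline audit of npm registry documents for supply-chain red flags.

Added example for this page (not Kaspersky's or any project's code).
Input documents follow the shape of `npm view <pkg> --json`: `name`,
`scripts` of the latest version, and `time.created` for first publish.
"""
import re
from datetime import datetime, timezone

# npm lifecycle scripts that run automatically during `npm install`
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# commands an install hook has little legitimate reason to run
SUSPICIOUS_CMD = re.compile(
    r"(curl|wget|Invoke-WebRequest|node\s+-e|eval\(|base64|atob\(|powershell)", re.I
)

# assumed allowlist of well-known names to compare against for lookalikes
KNOWN_POPULAR = {"lodash", "express", "axios", "react", "chalk", "commander"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (standard dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_package(doc: dict, now: datetime, max_age_days: int = 30,
                  known: set = KNOWN_POPULAR) -> list:
    """Return a list of (severity, message) findings for one registry document."""
    findings = []
    name = doc.get("name", "")
    scripts = doc.get("scripts") or {}

    # 1. install-time hooks: always worth a look, high severity if they fetch/eval/decode
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        if SUSPICIOUS_CMD.search(cmd):
            findings.append(("high", f"{hook} hook runs network/eval/decode command: {cmd}"))
        else:
            findings.append(("medium", f"{hook} hook present, review it: {cmd}"))

    # 2. lookalike names: within two edits of a popular package but not equal to it
    for popular in sorted(known):
        if name != popular and levenshtein(name, popular) <= 2:
            findings.append(("high", f"name {name!r} is within 2 edits of {popular!r}"))

    # 3. very young packages: first publish date comes from registry `time.created`
    created = (doc.get("time") or {}).get("created")
    if created:
        first_seen = datetime.fromisoformat(created.replace("Z", "+00:00"))
        age_days = (now - first_seen).days
        if age_days < max_age_days:
            findings.append(("low", f"first published only {age_days} days ago"))

    return findings


def audit_all(docs, now: datetime, **kw) -> dict:
    """Audit several registry documents; returns {package name: findings}."""
    return {d["name"]: audit_package(d, now, **kw) for d in docs}


# Constructed sample registry documents (hypothetical package names).
SAMPLE_DOCS = [
    {   # lookalike of lodash with an obfuscated install hook
        "name": "lodsah",
        "time": {"created": "2025-03-01T10:00:00.000Z"},
        "scripts": {"postinstall": "node -e \"eval(Buffer.from(process.env.P,'base64').toString())\""},
    },
    {   # native addon: an install hook is present but it only builds the addon
        "name": "fast-native-sum",
        "time": {"created": "2021-06-15T08:00:00.000Z"},
        "scripts": {"install": "node-gyp rebuild", "test": "mocha"},
    },
    {   # mature, well-known package with no install hooks
        "name": "express",
        "time": {"created": "2010-12-29T19:38:25.450Z"},
        "scripts": {"test": "mocha"},
    },
]

# Fixed "now" so the example is reproducible offline.
NOW = datetime(2025, 3, 10, tzinfo=timezone.utc)

if __name__ == "__main__":
    for pkg_name, findings in audit_all(SAMPLE_DOCS, NOW).items():
        print(pkg_name, "OK" if not findings else "")
        for severity, message in findings:
            print(f"  [{severity}] {message}")
```

A native addon legitimately needs an `install` hook, so the script reports it at medium severity rather than blocking it; the point is that every install hook gets read by a human before the package is allowed in. The same three checks apply to PyPI: the JSON API at `pypi.org/pypi/<name>/json` exposes upload times per release, and a `setup.py` that runs code at install time is the Python analogue of a `postinstall` hook.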

Fast Company
30-05-2025
- Business
- Fast Company
These crypto detectives helped crack North Korea's latest $1.5 billion blockchain heist
Crypto criminals can't hide

The single largest cryptocurrency heist in history took place one day in late February, when hackers exploited system vulnerabilities at Bybit, a Dubai-based crypto exchange, siphoning off a whopping $1.5 billion in digital assets within minutes. Bybit's security team immediately launched an investigation that would eventually involve the FBI and several blockchain intelligence companies. Among those involved from the beginning were the experts at TRM Labs, a San Francisco-based company of around 300 that analyzes the blockchain networks which power cryptocurrency transactions to investigate, and prevent, fraud and financial crimes.

'Literally from the first minutes, we were involved,' says Ari Redbord, the company's global head of policy, 'working with Bybit and law enforcement partners like the FBI to track and trace funds.'

The attack was soon attributed to a North Korean state-sponsored hacker organization commonly known as Lazarus Group. Lazarus has been blamed for a series of high-profile cybercrimes in recent years, including the 2014 hack on Sony Pictures Entertainment, the 2016 digital heist from the Bangladeshi central bank and, more recently, billions of dollars in digital currency thefts. TRM was among the first to attribute the Bybit attack after detecting an overlap between the blockchain addresses and infrastructure used here and those used in Lazarus's previous thefts. Since then, the company has harnessed its expertise in tracking crypto to keep law enforcement abreast of where the stolen funds are headed, following them from blockchain to blockchain and through clever concealment mechanisms. 'We were very much built for an investigation like this,' Redbord says.


Business Mayor
21-05-2025
- Business
- Business Mayor
The 6 Largest Crypto Exchange Hacks (That Lived to Trade Again)
If you still think crypto exchanges are impenetrable fortresses where your coins sleep safely in cold vaults under layers of ISO certifications and partner-signed audits, time to wake up.

**Proof of Reserves?** Anyone can fake a spreadsheet, especially when the 'audit' is done by a partner company that gets paid by the exchange itself.

**Licenses and certificates?** They don't stop a spilled-coffee sysadmin or an unpatched hot wallet. Or Lazarus, who's probably already inside the building.

Even the biggest CEXes, pushing billions in daily volume, have been taken down, not by theoretical bugs, but by real exploits. This is a breakdown of 6 major crypto exchanges that didn't just get hacked: they got drained. Hundreds of millions gone. And yet… they survived. Some even got stronger. Because in crypto, like in horror movies: if it didn't kill you, it made you meaner.

Bitfinex (2016): $65M then, $4.5B now
- What happened: Hackers exploited a flaw in the BitGo multi-sig wallet integration and stole 120,000 BTC.
- How they survived: Six years later, the FBI recovered about 94,000 BTC. Why? The hackers saved their private keys in a cloud storage account. Yes. Really.
- Lesson: Even top exchanges can mess up architecture. And hackers? Sometimes they're not elite cyber-ninjas, just clumsy amateurs with Google Drive.

Binance (2022): $570M and a bridge to nowhere
- The heist: An attacker forged proofs and minted 2 million BNB via a bug in the BSC Token Hub bridge.
- What they saved: Roughly $100M was bridged off BSC before the chain was halted; the rest of the minted BNB never left the chain and was frozen.
- The fix: Binance paused the entire BSC network. Drastic, but effective.
- Moral: Even the biggest players can't save a bad bridge. Especially when you are the bridge.

Bybit (2025): $1.5B, a record no one brags about
- The breach: A cold multisig wallet was emptied in a single approved transaction. The signers' keys were not stolen: a tampered Safe{Wallet} web front end showed them a routine transfer while the payload they actually signed handed control of the wallet contract to the attacker.
- Who did it: Likely Lazarus Group. Again.
- Recovered: ~$43M via bug bounties, the FBI, and German law enforcement.
- Takeaway: 'Cold' doesn't mean invincible, especially when the screen you sign on isn't cold at all. Verify the transaction on the hardware device, not in the browser.

- Exploit: Hackers bypassed two-factor authentication.
- Initial response: 'Nothing was stolen.' Days later: 'Okay, $33.7M was stolen.'
- Fix: Complete rebuild of 2FA.
- Lesson: If you're a centralized service, you are a target. Period.

KuCoin (2020): $280M and a lesson in recovery
- What happened: Classic hot wallet compromise.
- Recovery: $204M recovered via token freezes, community help, and law enforcement.
- Impressive: One of the few exchanges to get most of it back.
- MVP: Speed and strong alliances.

BingX (2024): $52M and a classic script
- The exploit: Hot wallets compromised across chains. One key for all.
- Culprit: Probably Lazarus again.
- Response: Promised full reimbursement. Still pending.
- Note: It's always the hot wallets. Always.

(2023): Panic without a hack
- Fact: No hack occurred.
- But: Twitter rumors sparked a bank run. GT token dipped.
- Their move: Released proof-of-reserves showing $10B+ in assets.
- Conclusion: Not all attacks are technical; some are just viral FUD.

MEXC & WhiteBIT: The hunters, not the hunted
According to CoinGlass rankings:
- MEXC: No major breaches. Actively freezes stolen funds.
- WhiteBIT: Helped recover $16M from a hack.
You don't have to be a victim to be a hero. Or at least a sidekick.

What all these cases teach us:
- Hot wallets = hot mess. Once funds are online, it's not 'if', it's 'when'.
- Too-centralized keys = disaster. One private key to rule them all? Not DevOps, just dumb.
- Social engineering, Lazarus, and human error. Hackers don't just crack code; they crack people.
- Slow reaction = bigger losses. The longer you sleep, the less you get back.
- Everyone helps everyone (if you're not a scam). Exchanges, governments, analytics firms: they cooperate, because one hack can shake trust in the entire ecosystem.

So what makes an exchange actually 'secure'? I used to think the safest exchange is the one that never got hacked. Now I know: it's the one that got hit, but bounced back. The one that recovered funds. Or helped others do it. Those quiet, 'never-hacked' platforms? Maybe they've just never noticed.

Cold storage is great, but not always practical. Diversify across 5–10 CEXes, not based on certifications, but on how they handled real fires. Look for real customers, real recovery stories, and transparency that isn't just cosmetic. The next attack is just a matter of when. So ask yourself: Will your exchange be ready?