India's largest crypto exchange WazirX lost $235M when Lazarus Group compromised its Safe multisig wallet through social engineering of co-signers.
Lazarus Group compromised WazirX's Safe (Gnosis Safe) multisig wallet by targeting co-signers. The attackers manipulated the Safe's UI or signers' devices to replace the displayed transaction data with a malicious payload — a technique nearly identical to the Bybit hack. With enough signatures obtained under false pretenses, the attacker upgraded the Safe implementation to a malicious contract and drained all assets.
Stolen tokens, including $100M in SHIB, were immediately swapped to ETH via Uniswap and other DEXes, crashing several token prices. ETH deposited into Tornado Cash over subsequent days. Lazarus Group attributed by multiple blockchain analytics firms. WazirX disputed with Liminal (custody provider) over responsibility. Indian legal proceedings initiated against WazirX directors.
0x48e53713f4c491f642e98af7d8e2c6d53a8af29ead31f7fc56c1efbc2e5cf3df