WazirX hackers prepped 8 days before attack, swindlers fake fiat for USDT: Asia Express
WazirX hackers were preparing 8 days before the $235M theft
The hackers behind the $235 million WazirX crypto exchange breach began preparing onchain at least eight days prior, according to Polygon Labs’s security chief.
WazirX, one of India’s largest cryptocurrency exchanges, lost hundreds of millions to a multisig wallet hack on Thursday, July 18, which is being blamed on North Korean hacking organization Lazarus Group.
Mudit Gupta, the Chief Information Security Officer of Polygon Labs, suggests the hackers had started “practicing” the hack onchain more than a week prior to executing the attack.
It started with hackers upgrading the multisig to a malicious version that would later allow them to drain it, Gupta explained in a July 18 post on X.
(Mudit Gupta)Tarun Mangukiya, the co-founder of payment platform Copperx, believes the hackers may have tricked WazirX into upgrading its Safe Implementation Skeleton.
“Why did they upgrade it instead of just draining?” Gupta asked rhetorically.
Draining takes time and multiple transaction. They likely didn’t have access to all the required private keys and were dependent on signature phishing which they can’t do multiple times without getting caught.”
In a follow-up post on X, WazirX has described the attack as a “force majeure event beyond our control.”
“We have already blocked a few deposits and reached out to concerned wallets for recovery,” it added.
The exchange announced a temporary withdrawal freeze soon after the hack.
India’s crypto sector holds breath for tax relief
Elsewhere in India, the cryptocurrency industry is eagerly hoping for relief from the country’s stringent crypto tax regulations, with India Finance Minister Nirmala Sitharaman set to present the Union Budget for the next fiscal year on July 23.
Since 2022, India has slapped one of the world’s most severe tax regimes on cryptocurrency, with a flat 30% capital gains tax on profits from digital assets, including non-fungible tokens (NFTs).
In addition, a 1% tax deducted at source (TDS) is levied on crypto transactions.
India’s crypto sector has been advocating a reduction in the TDS rate to 0.01% in the forthcoming budget.
Sumit Gupta, CEO of CoinDCX, an exchange involved in pre-budget consultations, says this adjustment is seen as crucial to recapturing business that has shifted to offshore exchanges due to current heavy taxation.
“We have also requested for a reduction in TDS rate… from 1% to 0.01%,” Gupta said in a statement shared with Magazine.
We have also requested for a reduction in capital gains tax rate from 30% to the actual [income bracket] of the assessee.”
Since the introduction of these tax measures in Sitharaman’s 2022 Budget speech, Indian crypto exchanges have seen a drastic decline, with trading volumes plummeting by 97% and active users decreasing by 81%, according to a recent report by The National Academy of Legal Studies and Research (NASLAR).
NASLAR’s research found that the national treasury is losing approximately $700 million (59 billion Indian rupees) in tax revenue due to diminished activity on India’s leading exchanges.
Effective “virtual digital assets” tax rates. (NASLAR)The study suggests that reducing the TDS rate to 0.01% could potentially double the nation’s tax revenue in the upcoming fiscal year.
So far, India has had a hot and cold relationship with cryptocurrency while maintaining a positive outlook toward the potential of blockchain technology.
The industry’s growth hit a wall in 2018 when the Reserve Bank of India, the central bank, prohibited financial institutions from servicing crypto businesses — a ban that was overturned by the Supreme Court in 2020.
More arrests in Hong Kong over fake cash for USDT scam
Hong Kong authorities have arrested three more suspects for allegedly selling counterfeit banknotes in exchange for stablecoin Tether (USDT).
Local media reported on July 15 that a 44-year-old businessman was deceived into transferring $399,000 (3.11 million Hong Kong dollars) in USDT.
The businessman then received three bundles of 1,000 Hong Kong dollar notes, with the counterfeit notes sandwiched by genuine bills.
Suspects met with the victim in a hotel in the major shopping district of Tsim Sha Tsui before being taking him to finalize the deal at Mong Kok district, which is about a 10-minute drive away.
Police have detained three suspects, a woman and two men, on suspicion of obtaining property by deception and possession of counterfeit banknotes. If convicted, they could face sentences ranging from 10 to 14 years in prison.
This case bears a striking resemblance to an incident in April 2024 when a victim was scammed for $128,000 (1 million Hong Kong dollars).
The case involved “hell notes,” which are unofficial paper money burned during traditional ancestral worship ceremonies. These notes represent offerings to ancestors in the afterlife.
A 35-year-old man was shown stacks of these “hell notes” in exchange for USDT in a Tsim Sha Tsui shop. However, the alleged scammers refused to hand over the notes and disappeared.
Local media reported in May (a month after the victim’s police report) that three suspects were arrested and 3,000 hell notes were confiscated.
According to local media, counterfeit fiat scams are on the rise in the city. From January to April 2024, the police busted $326,130 worth of fake notes.
A visual prison cell generated by artificial intelligence
Insider crypto trading in South Korea can now land you life in prison
South Korea’s cryptocurrency investor protection law will officially come into force on Friday, July 19.
The “Act on the Protection of Virtual Asset Users,” enacted on July 18, 2023, aims to safeguard crypto investors’ assets and prohibit unfair trading practices.
The legislation mandates that users’ deposits be segregated from company funds and held by a regulated financial institution. To further protect users’ assets, the law requires that a large chunk of these assets — 80% or more of their economic value — be stored offline, such as in cold wallets.
Crypto businesses are also required to take measures to cover potential liabilities arising from hacking or system failures. These measures include obtaining insurance or setting aside reserves which must cover at least 5% of the economic value of assets not stored offline.
The law prohibits activities such as using undisclosed information for trading (insider trading), market manipulation, and fraud. Violations can result in severe penalties, including criminal charges and fines.
Criminal penalties may include imprisonment for at least one year, with fines ranging from three to five times the amount of illegal gains. If the illegal gains exceed $3.6 million (5 billion Korean won), the maximum penalty can be life imprisonment, along with fines amounting to twice the illegal gains.
Hackers send stolen crypto to marketplace with ties to Cambodia PM’s family
North Korea’s Lazarus Group is suspected of laundering at least $35 million in USDT on Tron so far this month through the online Cambodian marketplace Huione Guarantee.
Blockchain detective ZachXBT linked these laundered funds to the $305 million worth of Bitcoin stolen from DMM, a Japanese cryptocurrency exchange that suffered the year’s most significant breach in late May.
According to ZachXBT, offchain indicators and laundering techniques suggest that the Lazarus Group is the prime suspect in the DMM hack.
Huione Guarantee is a multibillion-dollar marketplace owned by the Huione Group, which also operates the foreign exchange business Huione Pay.
An investigation by blockchain forensics firm Elliptic alleges that Hun To, a cousin of Cambodian Prime Minister Hun Manet, is one of the directors of Huione Pay.
Hun To was reportedly suspected of money laundering and drug trafficking by Australian authorities over a decade ago. Hun To has denied the allegations.
In a separate report on July 15, Reuters found that Huione Pay received approximately $150,000 from North Korean hackers.
Reuters-cited blockchain analysts claiming that Huione Pay received funds from an anonymous digital wallet used by Lazarus to deposit stolen assets from three different crypto firms.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Ethena’s risky path: A synthetic stablecoin cautionary tale
How currencies for online games were created
10 signs you’ve been in the crypto industry too long
Meta reportedly cut metaverse budget by 20% as Q2 earnings call looms