by Prabhu Rajasekar, CyJurII Scholar, on 20 September 2025
Abstract
The $200 million theft from India’s WazirX cryptocurrency exchange in February 2025, attributed to the Lazarus Group of North Korea, constitutes one of the most significant transnational cybercrime incidents of the year. The case underscores the convergence of state-sponsored cyberattacks, financial fraud, and international sanctions evasion, thereby exposing critical vulnerabilities in global financial systems. This study applies the FIRREAC method, which comprises Facts, Issue, Rule, Rule Explanation, Analysis, and Conclusion, to structure the legal and forensic analysis. A comparative assessment across India, the United States, the European Union, China, and the United Nations reveals the fragmented nature of global cyber jurisprudence and enforcement. The study situates the case within broader debates on digital justice, evolving cyber norms, judicial innovation, and cybernetics, emphasizing the urgent need for harmonized international legal frameworks, standardized evidentiary approaches, and enhanced forensic cooperation in the digital era.
Facts
In February 2025, North Korean hackers linked to the Lazarus Group infiltrated the systems of WazirX, one of India’s largest cryptocurrency exchanges, siphoning off $200 million worth of digital assets within an hour. Funds were rapidly laundered using mixers, cross-chain swaps, and over-the-counter (OTC) brokers in China and Southeast Asia. Blockchain analytics firms traced the stolen funds through multiple wallets, with portions identified by the U.S. Treasury and CERT-In (India’s Computer Emergency Response Team). The case drew immediate attention from Interpol, Europol, and the U.S. Department of Justice (DOJ) because of its transnational impact and links to North Korea’s weapons program financing, in violation of UN sanctions.
Issue
The key legal questions arising from this case are:
1. Can state-sponsored cybercriminals be held accountable under transnational law, even when sheltered by non-cooperative jurisdictions (e.g., North Korea)?
2. How do different courts interpret and admit blockchain forensic evidence?
3. Which legal frameworks govern transnational crypto theft: national statutes (India’s DPDP Act and PMLA), regional regulations (EU’s GDPR and MiCA), or international instruments (Budapest Convention, UN Cybercrime Convention 2023)?
4. How do privacy rights, jurisdictional claims, and cyber norms intersect in adjudicating such cases?
Rule
Domestic Laws:
- India: Digital Personal Data Protection Act (2023); Prevention of Money Laundering Act (2002); Information Technology Act (2000, amended)
- United States: Computer Fraud and Abuse Act (18 U.S.C. §1030); Office of Foreign Assets Control (OFAC) Sanctions; Anti-Money Laundering Act (2020)
- European Union: General Data Protection Regulation (GDPR); Markets in Crypto Assets Regulation (MiCA, 2023)
- China: Personal Information Protection Law (2021); strict state controls on crypto trading (ban since 2021)
International Law & Norms:
- UN Security Council Resolutions 1718 and 2397 prohibit North Korea’s access to international financial systems
- Budapest Convention on Cybercrime (2001)
- UN Cybercrime Convention (2023)
- FATF Standards on AML/KYC requirements for crypto exchanges
Rule Explanation
Indian law criminalizes fraud and mandates AML/KYC compliance but lacks extraterritorial enforcement powers. U.S. law asserts extraterritorial jurisdiction where U.S. victims, servers, or financial flows are implicated. EU courts emphasize privacy and data protection alongside AML enforcement. China bans crypto trading, but its informal OTC networks enable laundering of stolen funds. The UN framework criminalizes sanctions evasion and mandates cooperation, but enforcement is weakened by non-cooperation from key states (North Korea, Russia, China).
Analysis
1. Digital Evidence: Blockchain forensics traced flows of Bitcoin and Ethereum. Courts differ in admissibility:
- U.S. courts accept blockchain evidence if the chain of custody is preserved (cf. United States v. Harmon, 2021).
- Indian courts are adapting under the Indian Evidence Act 2023 amendments.
- EU courts demand proportionality and GDPR compliance.
2. Privacy & Data Protection:
- EU (GDPR) protects individual data, limiting certain forensic methods.
- India’s DPDP Act prioritizes state interest over privacy.
- U.S. balances privacy with national security.
3. Jurisdictional Issues:
- India lacks power to extradite North Koreans or seize overseas wallets.
- U.S. often issues indictments in absentia.
- EU relies on MLATs, slowing enforcement.
- China remains opaque, undermining global asset recovery.
4. Cyber Norms & Judicial Innovation:
- U.S. courts set extraterritorial cyber norms.
- EU emphasizes human rights and proportionality.
- Indian judiciary balances sovereignty with obligations.
- Courts begin citing blockchain analytics and AI attribution.
5. Cybernetics Perspective:
This case illustrates feedback loops: law enforcement disrupts laundering paths, and hackers adapt via cross-chain bridges and privacy coins.
Conclusion
The WazirX hack exemplifies the complexity of transnational cyber jurisprudence. The case demonstrates that while digital forensics and blockchain analytics provide unprecedented clarity in tracing stolen funds, jurisdictional fragmentation and geopolitical barriers prevent effective prosecution.
Recommendations:
1. Ratify and operationalize the UN Cybercrime Convention (2023).
2. Train courts to handle blockchain forensic evidence as primary admissible material.
3. Develop harmonized standards balancing privacy with investigative necessity.
4. Establish a UN Cyber Threat Intelligence & Evidence Hub.
5. Create global compensation mechanisms for retail investors impacted by cyber thefts.
Ultimately, the case highlights the inability of fragmented jurisdictions to enforce digital justice. Courts must evolve cyber norms, embrace forensic innovation, and align transnationally to safeguard cyberspace.
References
1. United States v. Harmon, 474 F. Supp. 3d 76 (D.D.C. 2021).
2. Internet and Mobile Association of India v. RBI, (2020) 10 SCC 274.
3. CJEU, Schrems II, Case C-311/18 (2020).
4. U.S. DOJ, 'North Korean Cyber Criminal Activities' (Press Release, 2025).
5. Europol, 'Crypto Crime and North Korea' (2025), https://www.europol.europa.eu
6. Interpol, 'Cryptocurrency Crime' (2025), https://www.interpol.int/en/Crimes/Financial-crime
7. Chainalysis, '2024 North Korea Crypto Hacks Report', https://blog.chainalysis.com/reports
8. Reuters, 'North Korea Crypto Thefts Analysis' (2025), https://www.reuters.com/technology