WazirX
2024-07-18 • Rekt
WazirX lost about $235 million after attackers took control of its Safe multisig wallet and drained funds to a main attack address. The source says the operators prepared with small test transactions, likely compromised two private keys, and phished two additional signatures by making signers believe they were approving a normal USDT transfer rather than a malicious Safe upgrade. ZachXBT traced funding through ChangeNOW and Tornado Cash, while Mudit Gupta assessed the operation as methodical enough to point toward DPRK involvement. The article treats that attribution as unconfirmed, so the incident should be tracked as a sophisticated crypto theft with possible, not proven, North Korean links.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | 53795dd1629026c2f92a87d5cd24477… | 2024-07-18 | 2024-07-18 |
| HASH | ddfd189125ce88c622ec2453b2e9f2d… | 2024-07-18 | 2024-07-18 |