The WazirX hacker — likely the Korean Lazarus Group — reportedly compromised authorized addresses directly or via social engineering.