ETH
by BSCN
July 19, 2024
WazirX reportedly reached out to over 500 exchanges to block identified addresses, with many exchanges cooperating.
On July 18, 2024, WazirX, one of the largest cryptocurrency exchanges, confirmed a significant security breach that resulted in the loss of about $235 million from one of its multisig wallets.
The breach led the exchange to temporarily halt withdrawals of Indian Rupees (INR) and cryptocurrencies, raising alarms within the crypto community.
WazirX reported that the attack targeted a multisig wallet—a wallet requiring multiple private keys to authorize transactions. The compromised wallet had been in use since February 2023, leveraging digital asset custody services provided by Liminal.
The security breach involved a loss exceeding $230 million, triggering an immediate response from WazirX to secure the remaining assets and address the situation.
The affected wallet had six signatories: five from the WazirX team and one from Liminal. Typically, a transaction needed approval from three of the WazirX signatories, who used Ledger Hardware Wallets for added security, followed by final approval from Liminal’s representative.
Despite these security measures, the breach reportedly occurred due to a mismatch between the data displayed on Liminal’s interface and the transaction details. The transaction payload was apparently manipulated to gain unauthorized control over the wallet.
According to WazirX, the attack exploited a discrepancy between the data shown and what was signed, likely replacing the transaction payload to redirect funds. Although the multisig wallet and whitelisting policies were in place to safeguard assets, the attackers managed to breach these defenses.
In response to the hack, WazirX filed a police complaint and initiated additional legal actions.
The exchange reported the incident to the Financial Intelligence Unit (FIU) and CERT-In. They reached out to over 500 exchanges to block the identified addresses and are collaborating with them to recover the stolen funds.
📢 Update: In response to the cyber attack, we have filed a police complaint and are pursuing additional legal actions. We will keep the community updated as we proceed.
— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 19, 2024
» Immediate Actions: We have reported the incident to the Financial Intelligence Unit (FIU) and CERT-In.…
WazirX is reportedly working with forensic experts and law enforcement agencies to trace the stolen funds and recover customer assets. They are also conducting a thorough analysis of the attack to understand its scope and prevent future breaches.
WazirX assured its users that it is committed to resolving the situation and is taking all necessary steps to address the breach.
Mudit Gupta, Chief Information Security Officer at Polygon Labs, suggested that the hackers had been preparing for the attack for over a week. According to Gupta, the hackers upgraded the multisig to a malicious version, enabling them to drain the wallet.
Blockchain analysts suspect that the Lazarus Group, a notorious North Korean hacking collective, might be behind the attack.
Disclaimer
Disclaimer: The views expressed in this article do not necessarily represent the views of BSCNews. The information provided in this article is for educational and informational purposes only and should not be construed as investment advice. BSCNews assumes no responsibility for any investment decisions made based on the information provided in this article
Latest News
0h : 52m ago
OKX Ventures, The Open Platform, and Folius Ventures Launch $10M Telegram Growth Hub
October 29, 2024
Is Bitcoin Set to Soar Even Higher?
October 29, 2024
DWF Labs Dismisses Partner Amid Drink-Spiking Allegations in Hong Kong
October 29, 2024
Visa and FV Bank Debut New Debit and Expense Cards, Bridging Crypto and Fiat Global Payments
October 29, 2024
Bitcoin Surges Past $71,000: What Could be the Possible Reasons?
October 29, 2024
Hong Kong Expands Tax Incentives to Include Virtual Assets, Targeting Institutional Investors
October 28, 2024
Dogecoin Surges Amid Musk and Trump Connections
October 28, 2024
Could Robinhood’s U.S.-Only Election Market Predict Results Better by Excluding Foreign Influence?