ETH
by BSCN
July 19, 2024
WazirX reportedly reached out to over 500 exchanges to block identified addresses, with many exchanges cooperating.
On July 18, 2024, WazirX, one of the largest cryptocurrency exchanges, confirmed a significant security breach that resulted in the loss of about $235 million from one of its multisig wallets.
The breach led the exchange to temporarily halt withdrawals of Indian Rupees (INR) and cryptocurrencies, raising alarms within the crypto community.
WazirX reported that the attack targeted a multisig wallet—a wallet requiring multiple private keys to authorize transactions. The compromised wallet had been in use since February 2023, leveraging digital asset custody services provided by Liminal.
The security breach involved a loss exceeding $230 million, triggering an immediate response from WazirX to secure the remaining assets and address the situation.
The affected wallet had six signatories: five from the WazirX team and one from Liminal. Typically, a transaction needed approval from three of the WazirX signatories, who used Ledger Hardware Wallets for added security, followed by final approval from Liminal’s representative.
Despite these security measures, the breach reportedly occurred due to a mismatch between the data displayed on Liminal’s interface and the transaction details. The transaction payload was apparently manipulated to gain unauthorized control over the wallet.
According to WazirX, the attack exploited a discrepancy between the data shown and what was signed, likely replacing the transaction payload to redirect funds. Although the multisig wallet and whitelisting policies were in place to safeguard assets, the attackers managed to breach these defenses.
In response to the hack, WazirX filed a police complaint and initiated additional legal actions.
The exchange reported the incident to the Financial Intelligence Unit (FIU) and CERT-In. They reached out to over 500 exchanges to block the identified addresses and are collaborating with them to recover the stolen funds.
📢 Update: In response to the cyber attack, we have filed a police complaint and are pursuing additional legal actions. We will keep the community updated as we proceed.
— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 19, 2024
» Immediate Actions: We have reported the incident to the Financial Intelligence Unit (FIU) and CERT-In.…
WazirX is reportedly working with forensic experts and law enforcement agencies to trace the stolen funds and recover customer assets. They are also conducting a thorough analysis of the attack to understand its scope and prevent future breaches.
WazirX assured its users that it is committed to resolving the situation and is taking all necessary steps to address the breach.
Mudit Gupta, Chief Information Security Officer at Polygon Labs, suggested that the hackers had been preparing for the attack for over a week. According to Gupta, the hackers upgraded the multisig to a malicious version, enabling them to drain the wallet.
Blockchain analysts suspect that the Lazarus Group, a notorious North Korean hacking collective, might be behind the attack.
Disclaimer
Disclaimer: The views expressed in this article do not necessarily represent the views of BSCNews. The information provided in this article is for educational and informational purposes only and should not be construed as investment advice. BSCNews assumes no responsibility for any investment decisions made based on the information provided in this article
Latest News
0h : 49m ago
Singapore MAS Announces Plans to Boost Asset Tokenization in Finance
3h : 4m ago
Binance Co-Founder Yi He Denies Claims of High Listing Fees on the Exchange
5h : 19m ago
Crypto Casino Metawin Hacked for $4M+ Due to Withdrawal System Exploit
November 2, 2024
Weekly Article Recap: 10/28-11/01
November 1, 2024
Injective Unveils AUSD: The First Native Stablecoin on Its Blockchain
November 1, 2024
Immutable Responds to SEC Wells Notice, Asserts IMX Token is Not a Security
October 31, 2024
TRON DAO Joins Chainlink SCALE, Adopts Chainlink Data Feeds for DeFi Ecosystem
October 31, 2024
Reddit Sells Majority of Crypto Portfolio, Offloading Bitcoin and Ethereum