- WazirX is India’s largest cryptocurrency exchange
- The breached wallet had six signatories—five from WazirX team and one from Liminal
- WazirX has blocked a few deposits and reached out to concerned wallets for recovery
Recently, an Indian cryptocurrency exchange, WazirX, was cyber-attacked and more than $230 million was stolen by the attackers. Speculation had spread about what actually happened and why the breach was so easy for the attackers. Now, the exchange has opened up about what exactly transpired and what the next steps are for the company.
In an X post, the exchange described the attack as unfortunate and stated its commitment to transparency and community welfare.
How did the WazirX attack happen?
The breach occurred in one of their multisig wallets and involved “a loss of funds exceeding $230 million,” WazirX said.
According to the exchange, the wallet was operated with the services of Liminal's digital asset custody and wallet infrastructure from February 2023.
“The wallet had six signatories—five from our WazirX team and one from Liminal, who were responsible for transaction verifications. A transaction typically requires approval from three of the WazirX signatories (all three of whom use Ledger Hardware Wallets for security), followed by the final approval from Liminal's signatory,” the exchange said.
It further explained that a policy to whitelist destination addresses was also in place to enhance security. The whitelisted addresses, the exchange said, were earmarked and facilitated on the interface by Liminal and the WazirX team had the ability to initiate transactions to the said whitelisted addresses.
“The cyber attack stemmed from a discrepancy between the data displayed on Liminal's interface and the transaction's actual contents. During the cyber attack, there was a mismatch between the information displayed on Liminal’s interface and what was actually signed. We suspect the payload was replaced to transfer wallet control to an attacker,” WazirX posted on X.
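A check that a signer could run independently of the custody interface, as an added example (not code from WazirX, Liminal or Safe): it compares the displayed transaction with the payload actually presented for signing and enforces the approval order described above. The signer names, addresses, dict payload layout and the SHA-256 digest (a stand-in for the real Safe transaction hash) are assumptions.

```python
import hashlib
import json

# Constructed policy mirroring the article: five WazirX signers, one Liminal signer.
WAZIRX_SIGNERS = {"wx1", "wx2", "wx3", "wx4", "wx5"}
LIMINAL_SIGNER = "liminal"
WHITELIST = {"0xaaaa000000000000000000000000000000000001"}  # constructed address


def digest(payload: dict) -> str:
    """Stand-in digest over a canonical serialization (sha256, not the Safe hash)."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def presign_issues(displayed: dict, payload: dict, requested_digest: str) -> list[str]:
    """Compare what the interface shows with the payload presented for signing."""
    issues = []
    if payload["to"].lower() != displayed["to"].lower():
        issues.append("destination differs from displayed destination")
    if payload["to"].lower() not in WHITELIST:
        issues.append("destination not whitelisted")
    if payload["value"] != displayed["value"]:
        issues.append("amount differs from displayed amount")
    if payload.get("data", "0x") != displayed.get("data", "0x"):
        issues.append("calldata differs from displayed calldata")
    if digest(payload) != requested_digest:
        issues.append("digest to sign does not match decoded payload")
    return issues


def approvals_ok(approvals: list[str]) -> bool:
    """Three distinct WazirX approvals first, then Liminal's final approval."""
    if not approvals or approvals[-1] != LIMINAL_SIGNER:
        return False
    prior = approvals[:-1]
    return LIMINAL_SIGNER not in prior and len(set(prior) & WAZIRX_SIGNERS) >= 3


DISPLAYED = {"to": "0xAAAA000000000000000000000000000000000001", "value": 100, "data": "0x"}
HONEST = {"to": "0xaaaa000000000000000000000000000000000001", "value": 100, "data": "0x"}
# Constructed mismatch: the screen shows DISPLAYED, the payload underneath differs.
SWAPPED = {"to": "0xbbbb000000000000000000000000000000000002", "value": 0, "data": "0xdeadbeef"}

if __name__ == "__main__":
    print(presign_issues(DISPLAYED, HONEST, digest(HONEST)))
    print(presign_issues(DISPLAYED, SWAPPED, digest(HONEST)))
    print(approvals_ok(["wx1", "wx3", "wx4", "liminal"]))
```

The check only helps if the payload is decoded on a path that does not share the interface's rendering code, since a signer who trusts the same screen for both views would see no mismatch.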
Security measures
While there have been concerns about the security of users’ funds and the exchange’s ability to protect users’ details, it explained that even before the attack, it had robust security features, including the Gnosis Safe multisig smart contract platform and Liminal’s whitelisting policy. But it regretted that “Despite us taking all necessary steps to protect the customer assets, the cyber attackers appear to have possibly breached such security features, and the theft occurred.”
“This is a force majeure event beyond our control, but we are leaving no stone unturned to locate and recover the funds. We have already blocked a few deposits and reached out to concerned wallets for recovery. We are in touch with the best resources to help us in this endeavor. While these are our findings from our preliminary investigation, we will keep you posted with further updates.”
Crypto scammers posing as Coinbase steal $1.7 million from user
Meanwhile, TheRadar earlier reported that scammers who impersonated the popular United States-based cryptocurrency exchange, Coinbase, have swindled a user of the exchange out of $1.7 million. At least three users of the platform have said the scammers have targeted them.
In an X post, Tegan Kline, co-founder of Edge & Node, said the swindled person is her “good friend”, whose self-custody wallet had been depleted of $1.7 million after they were duped into disclosing a portion of their seed phrase.