
How hackers stole more than $230 million from crypto exchange WazirX

The breach occurred in one of WazirX’s multisig wallets
  • WazirX is India’s largest cryptocurrency exchange
  • The breached wallet had six signatories—five from WazirX team and one from Liminal
  • WazirX has blocked a few deposits and reached out to concerned wallets for recovery

Recently, Indian cryptocurrency exchange WazirX suffered a cyberattack in which more than $230 million was stolen. Speculation spread about what actually happened and why the breach was so easy for the attackers. Now, the exchange has opened up about what exactly transpired and what the next steps are for the company.

In an X post, the exchange described the attack as unfortunate and stated its commitment to transparency and community welfare. 

How did the WazirX attack happen? 

The breach occurred in one of their multisig wallets and involved “a loss of funds exceeding $230 million,” WazirX said. 

According to the exchange, the wallet had been operated using Liminal's digital asset custody and wallet infrastructure since February 2023.

“The wallet had six signatories—five from our WazirX team and one from Liminal, who were responsible for transaction verifications. A transaction typically requires approval from three of the WazirX signatories (all three of whom use Ledger Hardware Wallets for security), followed by the final approval from Liminal's signatory,” the exchange said.

It further explained that a policy to whitelist destination addresses was also in place to enhance security. The whitelisted addresses, the exchange said, were earmarked and facilitated on the interface by Liminal, and the WazirX team could initiate transactions to those whitelisted addresses.

“The cyber attack stemmed from a discrepancy between the data displayed on Liminal's interface and the transaction's actual contents. During the cyber attack, there was a mismatch between the information displayed on Liminal’s interface and what was actually signed. We suspect the payload was replaced to transfer wallet control to an attacker,” WazirX posted on X. 
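The control that WazirX's account points to is a check that the payload sent for signing matches what the interface displays, and that approvals count only when they cover that displayed transaction. The sketch below is an added example, not WazirX's or Liminal's code; the signer names, addresses, field set and the SHA-256-over-JSON digest are constructed assumptions standing in for the real wallet's signing hash.

```python
import hashlib
import json

# All identifiers and addresses below are constructed for illustration.
WAZIRX_SIGNERS = {"wx-1", "wx-2", "wx-3", "wx-4", "wx-5"}
CUSTODIAN = "liminal"
WAZIRX_THRESHOLD = 3            # three WazirX approvals, then the custodian
WHITELIST = {"0x" + "11" * 20}  # constructed whitelisted destination
FIELDS = ("to", "value", "data")

def tx_digest(tx):
    """Hash a canonical encoding of the transaction fields.
    SHA-256 over JSON is a stand-in for the digest a real wallet signs."""
    canonical = json.dumps({k: tx[k] for k in FIELDS}, sort_keys=True)
    return hashlib.sha256(canonical.encode()).hexdigest()

def presign_findings(displayed, payload, whitelist=WHITELIST):
    """Compare what the interface shows with the payload sent for signing."""
    findings = [
        f"{k}: interface shows {displayed[k]!r}, payload has {payload[k]!r}"
        for k in FIELDS if displayed[k] != payload[k]
    ]
    if payload["to"].lower() not in whitelist:
        findings.append("destination is not whitelisted")
    return findings

def quorum_met(signed, expected_digest):
    """signed maps signer id -> digest that signer approved. Only approvals
    over the digest of the displayed transaction count toward the policy."""
    valid = {s for s, d in signed.items() if d == expected_digest}
    return len(valid & WAZIRX_SIGNERS) >= WAZIRX_THRESHOLD and CUSTODIAN in valid

# Constructed sample: the interface view and a payload that does not match it.
DISPLAYED = {"to": "0x" + "11" * 20, "value": "1000", "data": "0x"}
TAMPERED = {"to": "0x" + "22" * 20, "value": "0", "data": "0x00"}

if __name__ == "__main__":
    for finding in presign_findings(DISPLAYED, TAMPERED):
        print("BLOCK:", finding)
    approvals = {s: tx_digest(TAMPERED) for s in ("wx-1", "wx-2", "wx-3", CUSTODIAN)}
    print("quorum on displayed tx:", quorum_met(approvals, tx_digest(DISPLAYED)))
```

The comparison is only useful when each signer derives the payload fields on a device or path independent of the interface that rendered the displayed values.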

Security measures

While there have been concerns about the security of users’ funds and the exchange’s ability to protect users’ details, the exchange explained that even before the attack, it had robust security features, including the Gnosis Safe multisig smart contract platform and Liminal’s whitelisting policy. But it regretted that “Despite us taking all necessary steps to protect the customer assets, the cyber attackers appear to have possibly breached such security features, and the theft occurred.”

“This is a force majeure event beyond our control, but we are leaving no stone unturned to locate and recover the funds. We have already blocked a few deposits and reached out to concerned wallets for recovery. We are in touch with the best resources to help us in this endeavor. While these are our findings from our preliminary investigation, we will keep you posted with further updates.”

Crypto scammers posing as Coinbase steal $1.7 million from user

Meanwhile, TheRadar earlier reported that scammers who impersonated the popular United States-based cryptocurrency exchange, Coinbase, have swindled a user of the exchange out of $1.7 million. At least three users of the platform have said the scammers have targeted them. 

In an X post, Tegan Kline, co-founder of Edge & Node, said the swindled person is her “good friend”, whose self-custody wallet had been depleted of $1.7 million after they were duped into disclosing a portion of their seed phrase.

Justice Nwafor, Editor

Justice Nwafor is an award-winning freelance journalist, editor and content writer. His work has been published by several outlets, including HumAngle, Earth Journalism Network, Reuters, SciDevNet and the BBC. In August 2023, his work was recognized as the best in the Business and Environment category at the Sanlam Awards for Excellence in Financial Journalism in South Africa. He is a 2024 finalist for the True Story Award and a panelist at the True Story Festival, both in Bern, Switzerland. Justice is a consummate journalist with experience in reporting environment, global health, business and crypto/web3. Justice focuses on covering the dynamic world of crypto and web3 for TheRadar.
