WazirX cyber attack update: Company discloses initial findings

Hours after prominent Indian cryptocurrency exchange WazirX fell prey to a cyber attack which led to a loss of funds exceeding $230 million, the company has revealed its preliminary findings related to it.

“A cyber attack occurred in one of our multisig wallets involving a loss of funds exceeding $230 million. This wallet was operated utilizing the services of Liminal’s digital asset custody and wallet infrastructure from February 2023,” WazirX said.

Web3 security firm Cyvers had first detected several suspicious transactions that moved $234.9 million of funds from the exchange’s wallet to a new address. 

It had flagged the same in a post on ‘X’ earlier on Thursday.

The attacker had already swapped multiple assets, including Tether, Pepe, and Gala, to Ether, by the time the hack was brought out in public domain.

Wallet configuration and breach mechanics

The company in its statement laid out the wallet configuration mechanism and how the breach may have occurred.

“The wallet had six signatories—five from our WazirX team and one from Liminal, who were responsible for transaction verifications. A transaction typically requires approval from three of the WazirX signatories (all three of whom use Ledger Hardware Wallets for security), followed by the final approval from Liminal’s signatory. A policy to whitelist destination addresses was also in place to enhance security. These whitelisted addresses were earmarked and facilitated on the interface by Liminal; consequently, the WazirX team had the ability to initiate transactions to the said whitelisted addresses.”

How did the attack occur?

“The cyber attack stemmed from a discrepancy between the data displayed on Liminal’s interface and the transaction’s actual contents. During the cyber attack, there was a mismatch between the information displayed on Liminal’s interface and what was actually signed. We suspect the payload was replaced to transfer wallet control to an attacker.”

According to the company, it has “robust” security features, including the Gnosis Safe multisig smart contract platform and Liminal’s whitelisting policy.

“Despite us taking all necessary steps to protect the customer assets, the cyber attackers appear to have possibly breached such security features, and the theft occurred,” it said.

Action taken by the company

WazirX said the event was a “force majeure”, beyond its control but it is putting in its best efforts to locate and recover the funds.

We have already blocked a few deposits and reached out to concerned wallets for recovery. We are in touch with the best resources to help us in this endeavor.

The post WazirX cyber attack update: Company discloses initial findings appeared first on Invezz