WazirX Security Breach: $230 Million in Ethereum and Other Cryptos Stolen

• In a significant development, WazirX, the leading cryptocurrency exchange in India, faced a severe security breach affecting one of its multisig wallets.
• The breach led to the theft of over $230 million in various cryptocurrencies, raising serious concerns about the exchange’s security protocols.
• An official announcement from WazirX and insights from cryptographic analysis firms provided detailed information on the incident.

The WazirX hack resulted in a massive $230 million loss, casting doubt on the security of cryptocurrency exchanges and impacting user trust in digital asset platforms.

WazirX Sustains Major Security Breach

WazirX recently revealed that a sophisticated cyber attack compromised one of its multisig wallets, resulting in a substantial loss of over $230 million. The attack specifically targeted the wallet’s security infrastructure, allowing the perpetrators to drain significant amounts of various cryptocurrencies. WazirX has disclosed preliminary findings of the incident to maintain transparency and inform its community about the seriousness of the breach.

Details of the Stolen Assets

According to data analytics from Arkham Intelligence, the assailant managed to siphon approximately $102.1 million in Shiba Inu (SHIB) tokens, which have since been liquidated. Additionally, data from Elliptic indicates that the breach resulted in the theft of $52.6 million in Ether, $11 million in Matic, and $7.6 million in Pepe tokens. These stolen assets constitute over 45% of WazirX’s total reserves as reported in June 2024, severely undermining potential recovery efforts for affected users.

How Did the Breach Occur?

WazirX’s examination revealed that the breach was a consequence of a discrepancy between the transaction details displayed on Liminal’s interface and the actual transactions carried out. It’s suspected that the cyber attackers manipulated payload information to gain control over the multisig wallet. The wallet, regulated by Liminal’s digital custody infrastructure, included a multisig setup involving six signatories – five from WazirX and one from Liminal.

Skepticism from the Crypto Community

The Indian crypto community has responded with skepticism to the breach, questioning how a wallet with multiple security layers and signatures could be compromised. Prominent crypto YouTuber Pankaj Tanwar pointed out the improbabilities involved, suggesting the breach would have more extensive implications for the Indian crypto landscape.

Security Measures and Policy Whitelisting

WazirX had implemented robust security measures including the Gnosis Safe multisig smart contract platform and Liminal’s whitelisting policy. However, these weren’t enough to prevent the breach. The hacker circumvented these protective measures and diverted funds to unauthorized addresses, demonstrating a high level of sophistication and understanding of the security protocols in place.

Conclusion

The WazirX breach has sent shockwaves through the cryptocurrency market, highlighting vulnerabilities even in seemingly secure systems. This incident underscores the critical need for continual advancements in security measures and increased vigilance. As the investigation continues, WazirX is expected to provide more detailed findings, which will be crucial for understanding how to prevent such incidents in the future.