WazirX Hack: Over $200M in ETH and Other Crypto Stolen Amid Security Breach

• This week, Indian cryptocurrency exchange WazirX suffered a significant security breach.
• Over $230 million in digital assets, including SHIB, ETH, PEPE, and MATIC, were stolen.
• The use of Tornado Cash by the attackers has complexified the situation further.
• WazirX is collaborating with over 500 exchanges and India’s Financial Intelligence Unit (FIU) to recover the stolen funds.
• The exchange is committed to recovering all stolen assets as soon as possible.

WazirX grapples with a major security breach, striving to recover over $230 million in stolen assets. Details on the attack and ongoing recovery efforts inside.

WazirX Hack: Unfolding the Incident

On July 18, 2024, WazirX, an Indian crypto exchange, disclosed a significant security breach that resulted in the loss of digital assets worth over $230 million. The hack has left users anxious about the security of their holdings and the exchange’s ability to retrieve the stolen funds.

Details of the Security Breach

WazirX revealed through their social media account, X, that one of their multisig wallets had been compromised. This multisig wallet, secured using Liminal’s infrastructure, required multiple signatories for transaction authorization — three from WazirX and one from Liminal.

Despite these stringent security measures, the attackers exploited a discrepancy in Liminal’s interface data and the actual transaction contents. This allowed them to alter the transaction payload and gain control of the wallet.

Immediate Actions Taken by WazirX

Following the attack, WazirX promptly suspended INR and crypto withdrawals to safeguard remaining assets. They also lodged a police complaint and reported the incident to the Financial Intelligence Unit (FIU) and CERT-In, India’s cyber incident response agency. WazirX reached out to over 500 exchanges to block the implicated addresses involved in the theft.

Collaboration with Other Exchanges and Regulatory Bodies

Many exchanges are reportedly cooperating in the investigation. Preliminary findings indicate a sophisticated cyber attack exploiting the interface and transaction verification process managed by Liminal. While WazirX and Liminal engage in a blame game, with Liminal denying any compromise of its infrastructure, the focus remains on recovering the stolen assets.

The Chain of Events Leading to the Hack

The breach primarily targeted WazirX’s Ethereum multisig wallet, affecting both Ethereum (ETH) and ERC-20 tokens. The attackers stole 15,298 ETH directly and swapped other assets such as Shiba Inu (SHIB), Polygon (MATIC), and Pepe Coin (PEPE) tokens, amassing 59,097 ETH, valued at approximately $206.7 million.

Forensic Investigations and Community Support

WazirX is working with forensic experts and law enforcement to track the stolen funds and identify the perpetrators, receiving significant support from the crypto community. However, the use of Tornado Cash, a mixing service, by the hacker complicates asset tracing efforts. Despite these challenges, there is hope for recovery as the stolen funds, now in Ethereum, remain stagnant due to wallet embargoes.

Potential Connections to the Lazarus Group

Adding another layer of complexity, there are suspicions that the notorious North Korean hacker group Lazarus might be behind the WazirX hack. Known for high-profile cyber attacks on crypto exchanges and financial institutions globally, their involvement underscores the sophisticated and international scope of the threat.

Conclusion

For WazirX investors, the primary concern is the recovery of their assets. The success of forensic investigations, community support, legal actions, and potential compensation plans will be crucial in this effort. The involvement of Tornado Cash creates significant hurdles, but the current cooperation among exchanges offers a glimmer of hope. As developments unfold, WazirX remains committed to securing and recovering the stolen funds.