TLDR
- A cyberattack on WazirX, one of India's leading cryptocurrency exchange platforms, led to the loss of approximately $230 to $235 million in digital assets.
- The cybercriminals targeted one of WazirX's multi-signature wallets, which was secured using Liminal's digital asset custody technology.
- Stolen funds were rerouted to a new digital address, with portions converted into Ether.
- In response, WazirX has halted all withdrawals while they conduct a thorough investigation into what occurred.
- There is speculation among experts that the breach might have connections to hacking groups from North Korea.
WazirX, a premier crypto exchange in India, suffered a severe cyber intrusion, leading to a loss of approximately $230-235 million in digital holdings on July 18, 2024.
The attack targeted one of WazirX's multi-signature wallets, which was managed using the custody and wallet infrastructure of Liminal, a known provider of digital asset custody services.
Preliminary findings by WazirX point to a discrepancy between the transaction details shown on Liminal's interface and the transaction data that was actually signed and executed, which may have been what enabled the breach.
🚨ALERT🚨Hey @WazirXIndia Our system flagged several questionable transactions involving your Safe Multisig wallet. #ETH network.
Approximately $234.9 million of your capital was transferred to an unfamiliar address. Each involved transaction's caller received funds from @TornadoCash .
The suspicious… pic.twitter.com/4sajAwd4Hb
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) July 18, 2024
WazirX's report stated that this mismatch between what Liminal's platform displayed and the transactions that actually executed may have allowed the attackers to take control of the wallet.
The compromised wallet had six signatories, and a transaction normally required approval from three WazirX signatories plus Liminal's signature. Despite this threshold and a whitelist of predefined destination addresses, the attackers bypassed these safeguards.
Liminal stated in its defense that its own systems were not compromised and that the affected wallet had been created outside Liminal's infrastructure; it maintained that all WazirX wallets created within Liminal's platform remained safe.
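As an added illustration (not code from WazirX, Liminal or Safe, and not a reconstruction of the actual attack), the toy model below shows why a threshold-plus-whitelist policy offers little protection when the policy check is evaluated on what an interface displays rather than on the payload the signers actually sign. Everything in it is assumed: the 4-of-6 policy, the signer names and keys, the addresses, and the use of HMAC as a stand-in for real signatures.

```python
import hashlib
import hmac
import json

# Policy assumed for illustration: 4 of 6 signers (three exchange signers
# plus the custodian), and withdrawals only to whitelisted destinations.
THRESHOLD = 4
WHITELIST = {"0xEXCHANGE_HOT", "0xEXCHANGE_COLD"}  # constructed addresses
SIGNER_KEYS = {f"signer{i}": f"secret-{i}".encode() for i in range(6)}  # constructed keys


def canonical(tx: dict) -> bytes:
    """Deterministic encoding of the transaction that will actually execute."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def tx_digest(tx: dict) -> str:
    return hashlib.sha256(canonical(tx)).hexdigest()


def sign(name: str, digest: str) -> str:
    # HMAC stands in for an ECDSA signature; what matters here is the input.
    return hmac.new(SIGNER_KEYS[name], digest.encode(), hashlib.sha256).hexdigest()


def count_valid(digest: str, signatures: dict) -> int:
    return sum(
        1 for name, sig in signatures.items()
        if name in SIGNER_KEYS and hmac.compare_digest(sign(name, digest), sig)
    )


def approve_display_only(tx: dict, displayed: dict, signatures: dict) -> bool:
    """Weak flow: the whitelist check runs on the fields the interface rendered,
    while the signatures cover the canonical transaction. Nothing ties the two
    together, so a payload that differs from what was shown still passes."""
    if displayed["to"] not in WHITELIST:
        return False
    return count_valid(tx_digest(tx), signatures) >= THRESHOLD


def approve_checked(tx: dict, displayed: dict, signatures: dict) -> bool:
    """Hardened flow: recompute the digest from the canonical payload, refuse if
    it differs from the digest the interface displayed, and evaluate the
    whitelist on the canonical destination rather than the rendered one."""
    digest = tx_digest(tx)
    if not hmac.compare_digest(displayed.get("digest", ""), digest):
        return False
    if tx["to"] not in WHITELIST:
        return False
    return count_valid(digest, signatures) >= THRESHOLD


def sign_with(names, tx: dict) -> dict:
    """Signers sign the digest of the payload handed to them (blind signing)."""
    digest = tx_digest(tx)
    return {name: sign(name, digest) for name in names}


QUORUM = ["signer0", "signer1", "signer2", "signer5"]  # 3 exchange + custodian


def legitimate_case():
    tx = {"to": "0xEXCHANGE_COLD", "value": 1000, "nonce": 7}
    displayed = {"to": tx["to"], "value": tx["value"], "digest": tx_digest(tx)}
    sigs = sign_with(QUORUM, tx)
    return approve_display_only(tx, displayed, sigs), approve_checked(tx, displayed, sigs)


def tampered_case():
    # Constructed scenario: the executing payload targets an unlisted address
    # while the interface still renders the whitelisted one the signers expect.
    tx = {"to": "0xATTACKER", "value": 1000, "nonce": 7}
    shown = {"to": "0xEXCHANGE_COLD", "value": 1000, "nonce": 7}
    displayed = {"to": shown["to"], "value": shown["value"], "digest": tx_digest(shown)}
    sigs = sign_with(QUORUM, tx)  # signers approve the payload they are given
    return approve_display_only(tx, displayed, sigs), approve_checked(tx, displayed, sigs)


if __name__ == "__main__":
    print("legitimate:", legitimate_case())  # (True, True)
    print("tampered:  ", tampered_case())    # (True, False)
```

The point of the hardened flow is that the destination whitelist and the threshold are only as strong as the binding between what a signer sees and what the signer's key actually signs; each signer should compare the digest shown by the interface against the digest computed independently from the raw payload before approving.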
At WazirX, we prioritize transparency and safeguarding our users. Following a cyber intrusion into one of our multisig wallets, these are our initial discoveries:
Incident Summary: A cybersecurity breach targeted our multi-signature wallet...
WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 18, 2024
Web3 security firm Cyvers reported that it had detected multiple suspicious transactions involving WazirX's Safe Multisig wallet on the Ethereum network.
Cyvers stated that $234.9 million in assets had been moved to new addresses, and that the address initiating each transaction had been funded through Tornado Cash, a decentralized mixing service used to obscure the origin of funds.
On-chain investigator ZachXBT reported that the attacker still held more than $104 million in assets yet to be liquidated. The stolen assets span several cryptocurrencies, including roughly $100 million in Shiba Inu, $52 million in Ether, and $11 million in Polygon.
Reacting to the intrusion, WazirX suspended all withdrawals of both cryptocurrencies and Indian rupees on their portal.
The exchange reassured its clientele that an active investigation is underway, promising regular updates as more information becomes accessible.
Some security analysts noted similarities between this breach and earlier exploits attributed to North Korean threat groups. Blockchain intelligence firm Elliptic remarked that the technique bore the signature of North Korean operatives, noting that the stolen assets were converted into Ether through several decentralized platforms.
The breach at WazirX comes as the regulatory status of cryptocurrency in India remains uncertain.
Though discussions about cryptocurrency regulations have persisted for nearly four years, a definitive policy has yet to be declared.
As investigations proceed, the global crypto community is watching how WazirX addresses this breach and hardens its custody setup against future attacks.