TLDR
- Indian cryptocurrency exchange WazirX lost approximately $230-235 million in a cyberattack.
- The attack targeted one of WazirX’s multisig wallets that uses Liminal’s digital asset custody infrastructure.
- Funds were moved to a new address and some have been swapped for Ether.
- WazirX has temporarily suspended withdrawals while investigating the incident.
- Some experts suggest the attack may be linked to North Korean hackers.
WazirX, one of India’s leading crypto exchanges, has fallen victim to a significant cyberattack. The breach, which occurred on July 18, 2024, resulted in the loss of approximately $230-235 million in digital assets.
The attack targeted one of WazirX’s multi-signature wallets that utilized the services of Liminal, a digital asset custody and wallet infrastructure provider.
According to WazirX’s preliminary report, the cyberattack stemmed from a discrepancy between the information displayed on Liminal’s interface and the actual contents of the transaction.
🚨ALERT🚨Hey @WazirXIndia, Our system has detected multiple suspicious transactions involving your Safe Multisig wallet on the #ETH network.
A total of $234.9M of your funds have been moved to a new address. Each transaction's caller is funded by @TornadoCash.
The suspicious…
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) July 18, 2024
“During the cyberattack, there was a mismatch between the information displayed on Liminal’s interface and what was actually signed,” WazirX stated in their report. “We suspect the payload was replaced to transfer wallet control to an attacker.”
The compromised wallet employed a system of six signatories for transaction verification, typically requiring approval from three WazirX signatories and one Liminal signatory. The attackers managed to bypass these safeguards, including the whitelisting of destination addresses.
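The mismatch between what was displayed and what was signed points to one signer-side control: decode the raw payload independently and compare it with the displayed intent before approving. The sketch below is an added example, not WazirX's or Liminal's code, and it goes beyond the report by assuming the displayed action is an ERC-20 transfer submitted as a Safe transaction. The `Displayed` structure, the function names and all addresses are hypothetical or constructed.

```python
# Added example (not WazirX's or Liminal's code): compare what a signing UI
# displays with the raw multisig payload before approving it.
from dataclasses import dataclass

TRANSFER = bytes.fromhex("a9059cbb")  # ERC-20 transfer(address,uint256) selector
OP_CALL = 0                           # Safe operation field: 0 call, 1 delegatecall

@dataclass
class Displayed:                      # hypothetical shape of the UI's claim
    token: str
    recipient: str
    amount: int

def transfer_calldata(recipient: str, amount: int) -> bytes:
    """ABI-encode transfer(recipient, amount); used to build sample payloads."""
    return TRANSFER + bytes(12) + bytes.fromhex(recipient[2:]) + amount.to_bytes(32, "big")

def check_payload(shown, to, value, data, operation, whitelist):
    """Return every mismatch between the displayed intent and the raw payload."""
    problems = []
    if operation != OP_CALL:
        problems.append("operation is not a plain call")
    if to.lower() != shown.token.lower():
        problems.append("target is not the displayed token contract")
    if value != 0:
        problems.append("native value attached to a token transfer")
    if len(data) != 68 or data[:4] != TRANSFER or any(data[4:16]):
        problems.append("calldata is not a well-formed transfer")
        return problems               # nothing further can be decoded safely
    recipient = "0x" + data[16:36].hex()
    amount = int.from_bytes(data[36:68], "big")
    if recipient != shown.recipient.lower():
        problems.append("recipient differs from display")
    if recipient not in {a.lower() for a in whitelist}:
        problems.append("recipient is not whitelisted")
    if amount != shown.amount:
        problems.append("amount differs from display")
    return problems

# Constructed sample values, not addresses from the incident.
TOKEN, DEST, OTHER = ("0x" + b * 20 for b in ("11", "22", "33"))
SHOWN = Displayed(token=TOKEN, recipient=DEST, amount=1_000)
HONEST = check_payload(SHOWN, TOKEN, 0, transfer_calldata(DEST, 1_000), 0, [DEST])
SWAPPED = check_payload(SHOWN, OTHER, 0, bytes.fromhex("deadbeef") + bytes(64), 0, [DEST])
REDIRECT = check_payload(SHOWN, TOKEN, 0, transfer_calldata(OTHER, 1_000), 0, [DEST])

if __name__ == "__main__":
    for name, result in (("honest", HONEST), ("swapped", SWAPPED), ("redirect", REDIRECT)):
        print(name, result or "matches display")
```

The check is only useful when it runs on a device and code path separate from the interface that rendered the transaction, so that a tampered display cannot also tamper with the comparison.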
Liminal, for its part, has stated that its platform was not breached and that its infrastructure, wallets, and assets remain secure. The company clarified that the compromised wallet was created outside of the Liminal ecosystem and that all WazirX wallets created on the Liminal platform continue to be secure.
At WazirX, our commitment to transparency and community welfare is paramount. There was a cyber attack on one of our multisig wallets. Below are the preliminary findings to clarify the situation:
» Incident Overview: A cyber attack occurred in one of our multisig wallets…
— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 18, 2024
Web3 security firm Cyvers detected multiple suspicious transactions involving WazirX’s Safe Multisig wallet on Ethereum.
They reported that $234.9 million of funds were moved to a new address, with each transaction’s caller funded by Tornado Cash, a decentralized protocol for private transactions.
Crypto sleuth ZachXBT reported that the suspected primary attacker address still has over $104 million to offload. The stolen funds include a mix of various cryptocurrencies, with the largest portions being approximately $100 million in Shiba Inu, $52 million in Ether, and $11 million in Polygon.
In response to the security breach, WazirX has temporarily suspended withdrawals of both cryptocurrencies and Indian rupees on its platform.
The exchange assured users that it is “actively investigating the incident” and will provide updates as the situation unfolds.
Some experts in the field have suggested that this attack bears similarities to those carried out by North Korean threat actors. Blockchain analytics firm Elliptic stated that the attack “has all the hallmarks of North Korean threat actors,” noting that the attackers have taken steps to swap the crypto assets for Ether using various decentralized services.
The attack on WazirX comes at a time when the regulatory environment for cryptocurrencies in India remains uncertain.
The country’s government has been discussing potential regulations for almost four years, but a clear framework has yet to emerge.
As investigations continue, the crypto community will be watching closely to see how WazirX handles the aftermath of this significant breach and what measures will be implemented to prevent similar incidents in the future.