WazirX, the leading cryptocurrency exchange in India, was recently hacked by malicious actors, and over $230 million worth of crypto assets was stolen from the exchange.
After releasing a preliminary statement asking its community for understanding and patience following the massive hack, the WazirX team has released a second statement containing its findings and a full analysis of the incident.
The team stated that the attack targeted one of its multisig wallets, which has used Liminal’s digital asset custody and wallet infrastructure since February 2023.
The statement from the WazirX team contained a comprehensive breakdown of what happened, the nature of the cyber attack, and how its security systems were breached.
The team stated that it remains committed to transparency and the welfare of its community, hence its decision to share the preliminary findings on the attack.
“At WazirX, our commitment to transparency and community welfare is paramount. There was a cyber attack on one of our multi-sig wallets. Below are the preliminary findings to clarify the situation:
Incident Overview: A cyber attack occurred in one of our multi-sig wallets involving a loss of funds exceeding $230 million. This wallet was operated utilizing the services of Liminal’s digital asset custody and wallet infrastructure from February 2023.
Wallet Configuration and Breach Mechanics: The wallet had six signatories — five from our WazirX team and one from Liminal, who were responsible for transaction verifications. A transaction typically requires approval from three of the WazirX signatories (all three of whom use Ledger Hardware Wallets for security), followed by the final approval from Liminal’s signatory. A policy to whitelist destination addresses was also in place to enhance security. These whitelisted addresses were earmarked and facilitated on the interface by Liminal; consequently, the WazirX team had the ability to initiate transactions to the said whitelisted addresses.
Nature of the Cyber Attack: The cyber attack stemmed from a discrepancy between the data displayed on Liminal’s interface and the transaction’s actual contents. During the cyber attack, there was a mismatch between the information displayed on Liminal’s interface and what was actually signed. We suspect the payload was replaced to transfer wallet control to an attacker.
Security Measures and Response: We had robust security features, including the Gnosis Safe multi-sig smart contract platform and Liminal’s whitelisting policy. Despite us taking all necessary steps to protect the customer assets, the cyber attackers appear to have possibly breached such security features, and the theft occurred.
This is a force majeure event beyond our control, but we are leaving no stone unturned to locate and recover the funds. We have already blocked a few deposits and reached out to concerned wallets for recovery. We are in touch with the best resources to help us in this endeavor.
While these are the findings from our preliminary investigation, we will keep you posted with further updates. Together with your support, we shall overcome this challenge and emerge stronger and more resilient than ever. Thank you for standing with us.
Affected WazirX Wallet Address: 0x27fD43BABfbe83a81d14665b1a6fB8030A60C9b4” the WazirX team posted.
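The statement describes two controls that were in place (a destination whitelist and a multi-step signing flow) and a failure mode (the payload shown on the interface did not match what was signed). As an added defender-side illustration, not code from WazirX or Liminal, the Python below sketches an independent pre-signing check over the Safe transaction fields: compare the displayed payload with the one offered for signature, enforce the whitelist, and refuse DELEGATECALL or self-calls that alter the Safe's owners or threshold. The Safe address is the one quoted in the statement; the whitelist entry is constructed, and the selector constants should be confirmed against the ABI of the Safe version actually deployed.

```python
from dataclasses import dataclass

# Safe operation codes: 0 = CALL, 1 = DELEGATECALL.
CALL, DELEGATECALL = 0, 1

# 4-byte selectors of the Safe functions that change who controls the wallet,
# derived from the Safe function signatures; confirm against the deployed ABI.
OWNER_CHANGING_SELECTORS = {
    "0d582f13": "addOwnerWithThreshold(address,uint256)",
    "f8dc5dd9": "removeOwner(address,address,uint256)",
    "e318b52b": "swapOwner(address,address,address)",
    "694e80c3": "changeThreshold(uint256)",
}

@dataclass(frozen=True)
class SafeTx:
    """The Safe transaction fields a signer must verify before approving."""
    to: str         # destination address
    value: int      # amount in wei
    data: str       # hex calldata ("0x..." or "")
    operation: int  # CALL or DELEGATECALL

def selector_of(data: str) -> str:
    """First 4 bytes of calldata as lowercase hex, or '' if data is too short."""
    hex_body = data[2:] if data.startswith("0x") else data
    return hex_body[:8].lower() if len(hex_body) >= 8 else ""

def check_before_signing(displayed: SafeTx, to_sign: SafeTx,
                         safe: str, whitelist: set) -> list:
    """Return reasons to refuse signing; an empty list means the payload passes."""
    problems = []
    if displayed != to_sign:
        problems.append("payload shown on the interface differs from payload offered for signing")
    if to_sign.operation != CALL:
        problems.append("DELEGATECALL can run arbitrary code in the Safe's own context")
    if to_sign.to.lower() not in {a.lower() for a in whitelist}:
        problems.append(f"destination {to_sign.to} is not whitelisted")
    fn = OWNER_CHANGING_SELECTORS.get(selector_of(to_sign.data))
    if to_sign.to.lower() == safe.lower() and fn:
        problems.append(f"self-call to {fn} would change wallet control")
    return problems

# Constructed sample: the Safe address quoted in the statement, one hypothetical
# whitelisted destination, and a swapped payload aimed at the Safe itself.
SAFE = "0x27fD43BABfbe83a81d14665b1a6fB8030A60C9b4"
WHITELIST = {"0x1111111111111111111111111111111111111111"}  # constructed entry
DISPLAYED = SafeTx(to="0x1111111111111111111111111111111111111111", value=10**18, data="", operation=CALL)
SWAPPED = SafeTx(to=SAFE, value=0, data="0xe318b52b" + "00" * 96, operation=CALL)
```

Running `check_before_signing(DISPLAYED, SWAPPED, SAFE, WHITELIST)` flags the mismatch, the non-whitelisted destination and the owner-changing self-call, while the unmodified transfer passes with no findings.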
According to Arkham Intelligence, the hackers, who initially converted most of the stolen assets to Ethereum, have since offloaded most of them and now hold a little over $100 million worth of assets.
The WazirX team stated that all hands are on deck to retrieve the stolen funds as it liaises with cybersecurity teams across the world.
What to Know
- Suspicion in the industry has pointed to the possible involvement of the North Korean Lazarus Group. Arkham Intelligence has offered a bounty to anyone who can identify a KYC-linked centralized exchange deposit, reveal the identity of the exploiter, or provide information that leads to the successful return of the stolen funds.
- Force majeure events are usually defined as acts, events, or circumstances beyond the control of the parties, for example natural disasters or the outbreak of hostilities. In crypto, the term refers to hacks that are beyond the control of a project’s security system.