WazirX, a Mumbai-based cryptocurrency exchange in India, is the latest victim of a major security breach where hackers stole approximately $230 million, which is around half its reserves, on Thursday. The massive hack has left authorities shocked by the vulnerability present in the rapidly evolving cryptocurrency landscape. The significant breach has had profound implications for the impacted users, the exchange, and the whole cryptocurrency community, raising questions about security measures and regulatory frameworks.
The exchange confirmed the news through its X post, “We're aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused. Thank you for your patience and understanding. We'll keep you posted with further updates.”
Acknowledging the intensity of the matter, WazirX released its statement on X, “A cyber-attack occurred in one of our multisig wallets involving a loss of funds exceeding $230 million. This wallet was operated utilizing the services of Liminal's digital asset custody and wallet infrastructure from February 2023.” One multisig wallet requires two or more authentication factors for secure login.
Providing the details of the wallet, WazirX clarifies that it had six signatories including five from WazirX and one from Liminal, accountable for transaction verifications, requiring approval for a transaction.
“The cyber-attack stemmed from a discrepancy between the data displayed on Liminal's interface and the transaction's actual contents. During the cyber-attack, there was a mismatch between the information displayed on Liminal’s interface and what was actually signed. We suspect the payload was replaced to transfer wallet control to an attacker.”
As per the Lookchain, the third-party blockchain explorer report shared on X handle, over 200 cryptocurrencies were lost in the breach. This includes 5.43 billion Shiba Inu tokens worth $102M, 15,298 Ethereum tokens amounting to $52.5M, 20.5M Matic tokens costing $11.24M, 640.27 billion PEPE tokens worth $7.6M, 5.79 million USDT tokens, and 135M GALA tokens costing $3.5M were breached from the platform.
Blockchain sleuth Elliptic claims, North Korea-linked hackers appear behind the perpetration of the attack.
In comparison with the June report disclosed by WazirX, the stolen amount accounts for more than 45% of the $500 million holdings of the exchange. As of the time of writing, the Indian exchange’s reserve site was undergoing maintenance and was temporarily unavailable.
Transactional data in the X post shows that the exploiter is actively involved in trades of the stolen holding employing onchain exchange Uniswap.
The Indian Financial Ministry has not released any statement on the breach or its implications on the crypto ecosystem in the country.
The breach exposed sensitive data of thousands of its users and stolen digital assets damaging their reputational and financial stature. The incident has raised concerns over security measures that WazirX has placed and broader implications for users' trust and privacy in cryptocurrency exchanges. The breach has evoked discussion over cybersecurity concerns and the growing digital landscape of the country.
𝐒𝐭𝐚𝐲 𝐢𝐧𝐟𝐨𝐫𝐦𝐞𝐝 𝐰𝐢𝐭𝐡 𝐨𝐮𝐫 𝐥𝐚𝐭𝐞𝐬𝐭 𝐮𝐩𝐝𝐚𝐭𝐞𝐬 𝐛𝐲 𝐣𝐨𝐢𝐧𝐢𝐧𝐠 𝐭𝐡𝐞 WhatsApp Channel now! 👈📲
𝑭𝒐𝒍𝒍𝒐𝒘 𝑶𝒖𝒓 𝑺𝒐𝒄𝒊𝒂𝒍 𝑴𝒆𝒅𝒊𝒂 𝑷𝒂𝒈𝒆𝐬 👉 Facebook, LinkedIn, Twitter, Instagram
