" "

India's biggest crypto exchange WazirX HACKED! $230 million funds stolen

ISN Team

WazirX, which calls itself 'India Ka Bitcoin Exchange,' has suffered a major security breach resulting in the theft of over $230 million (approximately Rs 1,920 crore) in digital assets.

The company witnessed withdrawals in the early European hours on Thursday as a security breach affected one of its wallets, causing the loss of user funds.

WazirX has confirmed the breach and temporarily suspended all withdrawals. The company recently completed a preliminary investigation.

What did WazirX say about the breach?

"We're aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused. Thank you for your patience and understanding. We'll keep you posted with further updates," WazirX earlier wrote.

“We have identified two more exploited smart contracts. Our team is still investigating the incident. For the time being, we have opened up a secluded website to revoke all approvals. Your funds are at risk until you revoke,” the company said.

WazirX completes preliminary investigation

"A cyber attack occurred in one of our multisig wallets involving a loss of funds exceeding $230 million. This wallet was operated utilizing the services of Liminal's digital asset custody and wallet infrastructure from February 2023."

"The wallet had six signatories—five from our WazirX team and one from Liminal, who were responsible for transaction verifications. A transaction typically requires approval from three of the WazirX signatories (all three of whom use Ledger Hardware Wallets for security), followed by the final approval from Liminal's signatory. A policy to whitelist destination addresses was also in place to enhance security. These whitelisted addresses were earmarked and facilitated on the interface by Liminal; consequently, the WazirX team had the ability to initiate transactions to the said whitelisted addresses."

"The cyber attack stemmed from a discrepancy between the data displayed on Liminal's interface and the transaction's actual contents. During the cyber attack, there was a mismatch between the information displayed on Liminal’s interface and what was actually signed. We suspect the payload was replaced to transfer wallet control to an attacker."

"We had robust security features, including the Gnosis Safe multisig smart contract platform and Liminal’s whitelisting policy. Despite us taking all necessary steps to protect the customer assets, the cyber attackers appear to have possibly breached such security features, and the theft occurred," the company said.

The company also shared the affected WazirX wallet address: 0x27fD43BABfbe83a81d14665b1a6fB8030A60C9b4.

Reports say North Korean hackers behind the breach

According to a report in Coindesk, blockchain sleuth Elliptic indicated that North Korea-linked hackers appear to be behind the attack.

Early blockchain data tracked by Lookonchain indicates that around $100 million worth of Shiba Inu (SHIB) tokens were withdrawn, marking the largest loss among the funds, followed by $52 million in Ether (ETH), $11 million in Matic's MATIC, and $6 million in Pepe (PEPE). 

"Transactional data shows the exploiter is actively selling the stolen holdings using the on-chain exchange Uniswap. The exploiter has yet to sell their ETH holdings and holds over $4.2 million in FLOKI tokens," the report said.
