WazirX Hacked: $230 Million Lost in Major Security Breach

India’s leading cryptocurrency exchange, WazirX, has been hit by a major security breach, resulting in the theft of over $230 million in digital assets. The incident, which took place on July 18, 2024, targeted a multisig wallet, a secure storage solution requiring multiple keys for access.

This breach involved a multisig wallet, which requires multiple private keys to sign off on transactions – in theory making it more secure than regular wallets.

The team at the exchange halted cryptocurrency and rupee withdrawals immediately and are currently searching for those responsible. Furthermore, they have pledged compensation for affected users.

What Happened?

Indian crypto exchange WazirX fell victim to an unprecedented hack, losing over $230 million of user funds in just 24 hours. The breach occurred through one of its multisig wallets and has been linked to North Korea’s Lazarus Group, a well-known hacking group that targets crypto exchanges.

The attackers gained access to the wallet through signature phishing, in which authorized signers are targeted through social engineering or their private keys are hijacked. Once in, they drained the wallet, redirecting its tokens to an address under their control. The sophistication of the attack has raised concerns over the threat posed by state-backed actors such as Lazarus Group.

WazirX announced via tweet that all cryptocurrency and INR withdrawals have been temporarily suspended while it works to identify those responsible and recover users’ assets.

The hack was likely the result of a vulnerability in the Orbit Bridge service, a cross-chain protocol built on Ethereum that is used for automating token transfers. A hacker quickly exploited this flaw to steal more than $82 million; despite this setback, the company’s founder remains hopeful about its long-term viability.

The Exchange’s Response

WazirX did not disclose details about the security breach but did confirm that one of its multisig wallets was compromised. The wallet is part of the Liminal Custody infrastructure, which requires two or more private keys for authentication. According to LookOnchain, an on-chain wallet tracker, $230 million worth of tokens were moved out of WazirX’s multisig wallet and transferred elsewhere, and some were sold on Uniswap. The stolen funds included $100 million in Shiba Inu (SHIB), $52 million in Ethereum (ETH), and $11 million in MATIC and PEPE tokens, among others.

This hack was devastating: it affected thousands of small to mid-size companies that relied on Microsoft Exchange Server on-premises rather than in the cloud for data security, including banks and defense contractors who prefer not to entrust Microsoft with their proprietary information.

Cybersecurity firms have long cautioned that hackers target vulnerable servers, and it was soon discovered that Chinese government hackers called Hafnium had been taking advantage of the vulnerabilities to spy on targets. Following this discovery, on March 2 the US Cybersecurity and Infrastructure Security Agency issued an emergency directive requiring federal civilian departments and agencies to either patch their vulnerable servers or disconnect them from the Internet.

Market Sentiment

Shiba Inu (SHIB), the second-largest memecoin by market capitalization, saw its value decrease almost 10% following news of the hack. Following the WazirX hack, several Indian crypto exchanges sought to assure their users of their security protocols in response to CoinSwitch and CoinDCX breaches, providing assurances that user funds remain protected in their respective wallets. The breach resulted in $234.9 million being taken out of Safe Multisig wallets on the exchange, which are considered more secure since they require at least three signatures to access assets. On-chain investigator ZachXBT speculates that those responsible could be associated with Lazarus Group from North Korea, based on the modus operandi and technical approach of the attack.

The breach at WazirX highlights the vulnerabilities of even prominent cryptocurrency exchanges. It also raises the question of whether stricter security measures are needed in the industry, as investors move their assets to less vulnerable platforms and regulatory bodies step in to set more stringent requirements for exchanges. Steep discounts in BTC and USDT on WazirX likely reflect panic selling after the hack, as investors facing limited liquidity rushed to secure fiat money before another attack. With the SHIB tokens gone, further concerns arise about liquidity on WazirX as it struggles to keep prices stable.

Reputation Damage

WazirX’s reputation has been damaged by this hack, leading users to move assets to other exchanges. The incident also highlights the ongoing security challenges faced by crypto exchanges and the need for strong measures to protect user funds.

The hackers began by draining a Safe Multisig wallet on Ethereum, taking over $230 million worth of various digital currencies from it. Security firm Cyvers Alerts noted the suspicious transactions and revealed that the hacker was funneling them through Tornado Cash, an Ethereum anonymizing service. On-chain records indicate that the attacker has already moved over $100 million of Shiba Inu tokens, $52 million worth of Ethereum, and $11 million worth of Polygon’s MATIC token to new addresses, and has begun selling some of the stolen tokens via Uniswap.

WazirX reported $466 million of assets as of June, of which approximately 46% was stolen. That makes this hack one of the year’s largest heists and has forced WazirX to temporarily halt cash and cryptocurrency withdrawals while it investigates.

Though the exact cause of the hack remains unknown, experts suspect a compromised private key: malicious actors are thought to have compromised the Safe Multisig wallet and converted it into a malicious contract, which they then used to drain its contents. The attack bears the hallmarks of North Korea’s Lazarus Group, which is known for targeting crypto exchanges and mining marketplaces.
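
A co-signer-side check for the signature-phishing scenario described above, as an added example that is not code from WazirX, Liminal or Safe: it reviews the raw fields of a proposed multisig transaction instead of trusting what a signing interface displays. The `Proposal` model, the addresses and the allowlists are constructed for illustration, and the policy is a generic one, not a reconstruction of this incident.

```python
from dataclasses import dataclass

ERC20_TRANSFER = "a9059cbb"  # selector of ERC-20 transfer(address,uint256)
CALL, DELEGATECALL = 0, 1    # Safe "operation" values

@dataclass
class Proposal:
    """Fields a co-signer is asked to approve (constructed model)."""
    to: str         # contract the wallet will call
    value: int      # native currency sent, in wei
    data: str       # hex calldata, no 0x prefix
    operation: int  # CALL or DELEGATECALL

def review(p, safe, tokens, recipients):
    """Return reasons to refuse signing; an empty list means policy passes.
    Allowlist entries are expected as lowercase 0x-prefixed addresses."""
    reasons = []
    if p.operation == DELEGATECALL:
        # Runs foreign code against the wallet's own storage and balance.
        reasons.append("delegatecall")
    if p.to.lower() == safe.lower():
        # A Safe changes its owners, threshold or modules by calling itself.
        reasons.append("wallet-config-change")
    elif p.to.lower() not in tokens:
        reasons.append("unknown-target")
    if p.value != 0:
        reasons.append("native-value")
    selector, args = p.data[:8].lower(), p.data[8:]
    if selector != ERC20_TRANSFER or len(args) != 128:
        reasons.append("not-a-plain-transfer")
    else:
        recipient = "0x" + args[24:64].lower()  # low 20 bytes of first word
        if recipient not in recipients:
            reasons.append("unknown-recipient")
    return reasons

def transfer_calldata(recipient, amount):
    """Build ERC-20 transfer calldata for the constructed samples below."""
    return ERC20_TRANSFER + recipient[2:].rjust(64, "0") + format(amount, "064x")

# Constructed sample addresses and proposals (not real on-chain values).
SAFE, TOKEN = "0x" + "aa" * 20, "0x" + "bb" * 20
HOT_WALLET, OTHER = "0x" + "cc" * 20, "0x" + "dd" * 20
ROUTINE = Proposal(TOKEN, 0, transfer_calldata(HOT_WALLET, 10**18), CALL)
REDIRECTED = Proposal(TOKEN, 0, transfer_calldata(OTHER, 10**18), CALL)
OPAQUE = Proposal(OTHER, 0, "deadbeef" + "00" * 32, DELEGATECALL)

if __name__ == "__main__":
    for name, p in [("routine", ROUTINE), ("redirected", REDIRECTED), ("opaque", OPAQUE)]:
        print(name, review(p, SAFE, {TOKEN}, {HOT_WALLET}) or "ok")
```

Each signer should run such a check on a device separate from the one that presented the transaction, so that a tampered interface cannot also tamper with the review.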
