As a seasoned crypto investor with years of experience under my belt, I can’t help but feel a sense of dismay when reading about the WazirX hack incident. Having seen numerous cyber attacks on exchanges over the years, it’s always heart-wrenching to witness such incidents, especially when they could have been prevented.
Michael Pearl, a cyber security expert at Cyvers who initially disclosed the $234.9 million (around Rs 2000 crore) WazirX hack, stated that he contacted Nischal Shetty, the co-founder of WazirX on July 18th, informing him about the attempted hack. However, Mr. Shetty initially doubted the claim. In a conversation with Indian crypto influencer Aditya Singh (Twitter handle: Cryptooady), Michael discussed the events of July 18th when unidentified hackers managed to infiltrate WazirX’s multi-sig wallet, leading to the theft of substantial cryptocurrencies.
Michael stated that Cyver’s team discovered an extremely odd occurrence involving a marked wallet on July 18, during the early morning hours. This wallet was rapidly losing millions of dollars in cryptocurrencies. They soon concluded that a WazirX wallet had been heavily compromised due to this rapid drainage. However, Cyver’s team didn’t receive any response from WazirX management for approximately 30 minutes after the suspicious activity was reported. Michael further mentioned that he contacted WazirX co-founder Nischal Shetty on Whatsapp through a mutual acquaintance.
“We have a security operations centre at Cyvers and its head informed us around 10 am that listen I see a huge hack and I know that it’s a WazirX wallet…Even though WazirX wasn’t our client, we gave them the courtesy of reaching out to them before we went public. I reached out to Nischal initially on Whatsapp and then moved on to Telegram. At first, he wanted a proof which is totally understandable. So we sent him screenshots, hash, Ether scan and he realized that it’s the real deal (sic),” said Michael.
You can find the interview between Michael Pearl and Aditya Singh on YouTube. During the conversation, he mentioned that when Shetty discovered the WazirX wallet was being compromised, he activated his crisis management center, but unfortunately, it came too late.
Michael expressed, “To put it frankly, once a system has been hacked, there isn’t much left to do. The crucial actions one can take should ideally be implemented beforehand, not after. Now, all that’s left is to evaluate the extent of the harm and consider what possible remedies exist.
Pearl clarified that Cyvers possesses unique techniques to recognize wallets associated with exchanges, regardless of direct client status, by monitoring wallet activities across the blockchain. Although he couldn’t disclose specific details due to security concerns, he affirmed that Cyvers has reliably pinpointed wallets implicated in hacking incidents. The system may not be infallible, but it delivers highly precise warnings.
As a dedicated crypto investor, I firmly believe that had the WazirX team implemented real-time monitoring systems, they could have prevented the unfortunate incident of the hack.
Michael stated, “Had WazirX collaborated with us initially, we could have alerted them in advance and potentially avoided this situation. They fell victim to a malicious smart contract that was set up like a time bomb. If we had been monitoring their wallets, we could have flagged the smart contract as suspicious and they could have taken preventative action.
Michael states that the hack focused on WazirX’s multi-approval wallet, a type of wallet designed for enhanced security as multiple individuals are required to agree on any modifications or alterations.
🚨ATTENTION🚨 Dear WazirXIndia, our system has flagged multiple potentially fraudulent transactions linked to your ETH network-based Safe Multisig wallet.A sum of approximately $234.9 million from your account has been transferred to a new address. It’s important to note that each transaction appears to have been initiated by Tornado Cash, which is raising concerns.We recommend you exercise caution and investigate these transactions thoroughly for your safety.— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) July 18, 2024
Following the cyber heist, the culprits transferred approximately $45 million of the pilfered funds via Tornado Cash – a platform designed to conceal the origin of the money. Pearl explained that although Cyvers can track the money on the blockchain, it becomes significantly more challenging to trace once it’s blended with other transactions. Typically, cybercriminals aim to swap stolen cryptocurrency for traditional funds or use it in peer-to-peer (P2P) markets, exchanges with lax Know Your Customer (KYC) protocols, or illicit marketplaces.
Pearl stated that, much like starting a business, hacking can be seen as the initial step. However, it’s important to note that this kind of startup is malicious, and the capital it generates is ill-gotten funds.
When queried about the possibility of WazirX retrieving their stolen funds, Pearl expressed skepticism. He explained that only around 25% of individuals who attempt fund recovery through the bounty program are typically successful – this method involves the return of funds from the hacker to the victim. The remainder usually can only recover a minimal amount. Hackers may sometimes propose returning a portion of the money in exchange for a ransom, but such a method is unreliable when it comes to fund recovery. Pearl suggested that the most effective strategy to safeguard one’s money is by preventing the hack from occurring in the first place.
The WazirX hack significantly affected the cryptocurrency community in India. Moreover, Pearl highlighted a concerning fact that assaults on centralized exchanges have escalated by an astounding 900%. Despite this, numerous platforms continue to trust their security to internal measures instead of engaging external cybersecurity firms capable of identifying potential attacks proactively.
Read More
Sorry. No data so far.
2024-09-22 20:04