Indian exchange WazirX loses $234m in recent exploit

by

As a seasoned analyst with years of experience in the crypto industry, I cannot help but feel a sense of dismay and concern upon learning about the latest exploit at WazirX, one of India’s largest crypto exchanges. Losing over $234 million in multiple crypto assets is an alarming figure, and it serves as a stark reminder of the risks inherent in this space.

WazirX, a major cryptocurrency exchange in India based on trading volume, has fallen victim to a notable hack, resulting in the theft of approximately $234 million worth of various digital assets.

As a security analyst at Cyvers, I want to bring your attention to a significant breach that came to light earlier today. The affected party is WazirX, a prominent player in the web3 space, and the security incident involved their Ethereum-based multi-signature wallet. According to on-chain data available to me, the financial losses amounted to approximately $234.9 million at the time of reporting.

As an analyst, I’d like to bring your attention to some unusual activity detected in your Safe Multisig wallet connected to the Ethereum network, @WazirXIndia. My system has identified a series of transactions totaling $234.9M that have been executed from this wallet. The interesting part is that each transaction’s originator appears to have received funds from the well-known mixer service, @TornadoCash. Given the large sums involved and the use of a privacy tool like Tornado.cash, these transactions warrant closer examination for potential money laundering or other illicit activities.

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) July 18, 2024

As a crypto investor, I’ve been closely monitoring Etherscan data today, and I noticed something alarming around 06:19 UTC. A transaction stood out to me, where 4.1 Gnosis (GNO) were moved from a WazirX wallet to an exploiter’s address. This was the beginning of a hacking incident. Since then, the hackers have been siphoning off various assets from unsuspecting investors. Some of the affected coins include the popular meme tokens Pepe (PEPE) and Shiba Inu (SHIB). It’s crucial for us to stay informed and protect our investments during times like these.

With my extensive background in blockchain forensics and cybersecurity, I can tell you that I’ve seen my fair share of cryptocurrency hacks and fraudulent activities. In this recent incident, I’ve discovered that several addresses have been created to obfuscate the origin of the stolen funds. The hackers have then moved these funds among these addresses in a sophisticated scheme, ultimately exchanging the tokens for Ethereum (ETH) via Uniswap V3. As of now, three identified addresses belonging to the attackers still hold these ill-gotten gains. It’s crucial that we remain vigilant and work together as a community to prevent such malicious activities from causing further damage.

Significantly, the main wallet implicated in the exploit presently contains 15,296 ETH, equivalent to approximately $52.5 million, while its remaining holdings consist of around $25.1 million distributed among over 100 different tokens. Floki (FLOKI) represents the second-largest individual asset, holding a value of roughly $4.7 million.

When the scheduled report time arrived, scant details were available regarding the cause of the cyberattack. just minutes ago, WazirX acknowledged the intrusion through an X announcement, revealing that their security unit is currently probing the vulnerability. The platform indicated that all withdrawals in cryptocurrencies and Indian rupees (INR) have been temporarily halted to protect user assets.

— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 18, 2024

In the cryptocurrency world, there has been a string of security breaches occurring frequently. Two days ago, LI.FI, a decentralized cross-chain protocol, experienced an exploit resulting in a significant loss of over $8 million. A recent analysis revealed that hacking incidents cost the community a staggering $176.2 million collectively during June alone.

Read More

2024-07-18 12:49