WazirX Releases Official Statement on $230 Million Attack

As a seasoned cybersecurity analyst with extensive experience in the cryptocurrency industry, I find the recent disclosure by WazirX regarding the breach of their multisig wallet quite concerning. The fact that over $230 million worth of assets were stolen is a significant loss and raises serious questions about the security measures in place for digital asset custody.


As a researcher, I’ve uncovered some new information regarding the recent incident with WazirX, an Indian cryptocurrency exchange. They have confessed to experiencing a major cyber attack that targeted one of their multisig wallets. The damage? Over $230 million worth of assets were unfortunately compromised.

WazirX disclosed on their platform that a security issue impacted a multisignature wallet they managed in collaboration with Liminal’s digital asset custody and wallet solution. This particular wallet has been operational since February 2023, featuring robust security measures intended to safeguard user assets.

The occurrence entailed over $230 million disappearing, triggering substantial worry about the safety of storing digital assets. Additionally, the company disclosed in their post the implicated WazirX wallet address, which initiates with ‘0x27fD43…’.

The wallet in question, which had been compromised, was signed by a total of six individuals: five from WazirX and one from Liminal. For any transaction to be valid, the approval of three out of the five WazirX signatories was necessary. To enhance security, these three approvals were granted using Ledger Hardware Wallets. Lastly, the final go-ahead for the transaction came from Liminal’s signatory.

The post added, “These whitelisted addresses were earmarked and facilitated on the interface by Liminal; consequently, the WazirX team had the ability to initiate transactions to the said whitelisted addresses.”

As an analyst examining the WazirX report, I’ve discovered that the attackers exploited a discrepancy between the actual transaction data and the information displayed on Liminal’s interface. It is suspected that these criminals managed to bypass the security measures by altering the payload to seize control of the wallet.

Despite the advanced security measures like Gnosis Safe’s multisig smart contract platform and Liminal’s stringent whitelisting policy, an unfortunate breach occurred in WazirX’s system. To minimize the fallout, the company swiftly blocked deposits and reached out to affected wallets for recovering the stolen assets. WazirX is working closely with leading experts to tackle this issue and retrieve the misappropriated funds.

WazirX reassures its user base that every effort is being made to resolve the current issue. Transparency is a priority for the exchange, and regular updates will be shared as the investigation unfolds.

WazirX acknowledged, “This is an unforeseen circumstance beyond our grasp, but rest assured, we’re leaving no stone unturned in our quest to locate and retrieve the funds. We have already halted some deposits and contacted affected wallets for recovery. We are collaborating with top-tier resources to aid us in this mission.”

Read More

Sorry. No data so far.

2024-07-18 23:32