WazirX Vice President Rajagopal Menon described a recent cyber attack on one of its multisignature (multisig) wallets as a “force majeure event beyond our control.” The attack resulted in a staggering loss exceeding $230 million, marking a significant setback for the cryptocurrency industry, which has been grappling with high-profile hacks and security breaches in recent years. WazirX is a cryptocurrency and Bitcoin trading and exchange platform in India.
The Incident: A Wallet Breach
In a statement, Menon detailed that the cyber attack targeted a multisig wallet that had been using Liminal’s digital asset custody and wallet infrastructure since February 2023. The wallet’s security arrangement involves six signatures (five from WazirX and one from Liminal), with transactions requiring approval from three WazirX signatories and a final approval from Liminal.
Despite the sophisticated security measures, such as the Gnosis Safe multisig smart contract platform and Liminal’s whitelisting policy, cyber attackers were able to overcome these barriers.
North Korea Behind the Attack?
Elliptic’s perusal of blockchains backing the assets led it to conclude the thieves are affiliated with North Korea.
North Korea has turned to cryptocurrency as a source of funds in the face of international sanctions. The nation is thought to run crypto-stealing operations and to launder the proceeds into instruments it can use to fund its nuclear weapons program and enrich the family of supreme leader Kim Jong Un.
Menon claimed that the attack took advantage of a difference between the data displayed on Liminal’s interface and the real contents of the transaction. This mismatch led to the unauthorized transfer of funds.
Exploiting Security Discrepancies
Menon elaborated on the nature of the attack, stating, “We suspect the payload was replaced to transfer wallet control to an attacker.” The attackers took advantage of a discrepancy between the information displayed and what was actually signed, resulting in a successful transfer of control over the wallet to the attacker.
This breach is a significant blow to WazirX, highlighting the persistent vulnerabilities in even the most secure systems. The discrepancy between displayed data and transaction contents underscores the importance of comprehensive security measures that can detect and prevent such manipulations.
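The check below is an added example, not code from WazirX, Liminal or Safe: before execution, an independent verifier compares what the interface displayed with the payload actually signed, then applies the whitelist and the three-of-five-plus-Liminal approval rule described above. The signer ids, addresses, function names and the SHA-256 digest standing in for the real Safe transaction hash are assumptions.

```python
import hashlib
import json

WAZIRX_SIGNERS = {"wx-1", "wx-2", "wx-3", "wx-4", "wx-5"}  # constructed signer ids
CUSTODIAN = "liminal"
WHITELIST = {"0x" + "11" * 20}                              # constructed address
FIELDS = ("to", "value", "data", "operation")

def digest(tx):
    """Stand-in digest over canonical JSON (a real Safe uses an EIP-712 hash)."""
    canon = json.dumps({f: tx[f] for f in FIELDS}, sort_keys=True)
    return hashlib.sha256(canon.encode()).hexdigest()

def mismatches(displayed, payload):
    """Fields where what the interface showed differs from what is signed."""
    return [f for f in FIELDS if displayed.get(f) != payload.get(f)]

def review(displayed, payload, approvals):
    """approvals maps signer id -> digest that signer actually signed."""
    reasons = [f"display/payload mismatch: {f}" for f in mismatches(displayed, payload)]
    if payload["to"].lower() not in WHITELIST:
        reasons.append("destination not whitelisted")
    if payload["operation"] != 0:  # Safe transactions: 0 = CALL, 1 = DELEGATECALL
        reasons.append("non-CALL operation")
    want = digest(payload)
    bound = {s for s, d in approvals.items() if d == want}
    if len(bound & WAZIRX_SIGNERS) < 3:
        reasons.append("fewer than 3 WazirX approvals bound to this payload")
    if CUSTODIAN not in bound:
        reasons.append("custodian approval not bound to this payload")
    return (not reasons, reasons)

def approvals_for(tx, signers):
    """Every listed signer signs the digest of tx."""
    return {s: digest(tx) for s in signers}

# Constructed sample data: what the interface showed vs. a replaced payload.
SHOWN = {"to": "0x" + "11" * 20, "value": 1000, "data": "0x", "operation": 0}
SWAPPED = {"to": "0x" + "ee" * 20, "value": 0, "data": "0xdeadbeef", "operation": 1}

if __name__ == "__main__":
    quorum = ["wx-1", "wx-2", "wx-3", CUSTODIAN]
    print(review(SHOWN, SHOWN, approvals_for(SHOWN, quorum)))
    # Full quorum signed the replaced payload; only the display check objects.
    print(review(SHOWN, SWAPPED, approvals_for(SWAPPED, quorum)))
```

In the second call the signature quorum is satisfied, so the rejection comes only from the display comparison, the whitelist and the operation type, which is why the comparison has to run somewhere that does not trust the signing interface.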
The Aftermath: Efforts to Recover Lost Funds
WazirX has declared that it is working tirelessly to locate and recover the funds. Following the attack, the exchange immediately blocked some deposits and contacted affected wallets to discuss potential recovery. These steps are critical for reducing the impact of the incident and restoring trust among consumers and investors.
The hack follows previous disclosures by blockchain investigator ZachXBT, who discovered that the exploiter had exchanged significant quantities of bitcoin, including 5.43 trillion SHIB for 26,535 ETH, worth $92 million. Lookonchain supplied additional information, citing the theft of 15,298 ETH worth about $52.5 million and 20.5 million MATIC valued at $11.24 million.
Implications for the Cryptocurrency Industry
This incident is yet another reminder of the persistent security challenges facing the cryptocurrency industry. Despite advancements in security protocols and technologies, hackers continue to find ways to exploit vulnerabilities. The breach of WazirX’s multisig wallet, despite its robust security measures, underscores the need for continuous improvement in security practices and technologies.
The cryptocurrency industry must take lessons from such incidents to enhance security protocols and prevent future breaches. Collaboration among exchanges, security firms, and regulatory bodies is essential to develop more resilient systems. Additionally, users must be educated on best practices to secure their digital assets and remain vigilant against potential threats.
The cyber attack on WazirX’s multisig wallet, resulting in a loss exceeding $230 million, is a stark reminder of the vulnerabilities within the cryptocurrency industry. Despite robust security measures, the attackers exploited a discrepancy, leading to unauthorized transfers of significant amounts of cryptocurrency. WazirX’s swift response to block deposits and reach out to concerned wallets is crucial in mitigating the impact of the breach. However, the incident highlights the need for continuous improvement in security practices and collaboration within the industry to prevent future attacks.
As the cryptocurrency landscape continues to evolve, security must remain a top priority. Users must also adopt comprehensive measures to safeguard digital assets and ensure the integrity of transactions. The lessons learned from this incident should drive the development of more resilient systems and protocols, strengthening the overall security of the cryptocurrency ecosystem.