Indian crypto exchange WazirX has temporarily paused all trading after hackers stole $230 million in funds on Thursday. The company said the crypto was stolen from one of its multisig wallets, which need two or more private keys to validate and authorise transactions. Experts say the cybercriminal group Lazarus – which is affiliated with North Korea – could be behind the attack.
With 16 million customers, WazirX is one of India's most prominent crypto exchanges.
Indian crypto exchange WazirX has suffered a major hack, according to several media reports.
The exchange halted withdrawals on Thursday after $230 million in funds – nearly half its reserves – were stolen.
It called the incident a “force majeure” event that was “beyond its control.”
“We have already blocked a few deposits and reached out to concerned wallets for recovery. We are in touch with the best resources to help us in this endeavour,” the company said in a statement.
But what happened? What do we know about the breach?
Let’s take a closer look:
What is WazirX?
First, let’s take a brief look at WazirX.
WazirX is one of India’s biggest crypto exchanges.
It has over 16 million users.
Users on WazirX can buy and sell crypto such as Bitcoin, Ethereum, and Ripple among many others.
The company released a new interface earlier in July.
How did the hackers do it?
On 18 July, a hack saw $230 million stolen from WazirX’s multisig wallets.
“We’re aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused,” WazirX wrote on social media.
As per Economic Times, multisig wallets are a form of crypto wallet.
These need two or more private keys to validate and authorise transactions.
As per The Hindu, the multisig wallet was being operated by six signatories – five from WazirX and one from digital asset service Liminal.
WazirX said in a statement that the hacker perhaps used a difference between the data shown on Liminal’s interface and the transaction’s contents to steal the funds.
“The cyberattack stemmed from a discrepancy between the data displayed on Liminal’s interface and the transaction’s actual contents. During the cyberattack, there was a mismatch between the information displayed on Liminal’s interface and what was actually signed. We suspect the payload was replaced to transfer wallet control to an attacker,” it said.
“Despite us taking all necessary steps to protect the customer assets, the cyber attackers appear to have possibly breached such security features, and the theft occurred,” WazirX said.
Economic Times quoted Liminal as saying, “Our preliminary investigations show that one of the self-custody multisig smart contract wallets created outside of the Liminal ecosystem has been compromised.”
“We can confirm that Liminal’s platform is not breached and Liminal’s infrastructure, wallets and assets continue to remain safe.”
Mint quoted data from blockchain analytics firm Lookonchain as showing that over $100 million worth of Shiba Inu (SHIB) tokens were stolen.
Ethereum tokens worth $52 million, Matic tokens worth $11 million, and Pepe tokens worth $6 million were also stolen.
Another $135 million in Tether and $3.5 million in Gala were also stolen, as per Hindustan Times.
The Times of India quoted Cyvers, a Web3 security firm, as saying that “multiple suspicious transactions” were detected regarding WazirX’s multisig wallet.
Cyvers said $230 million worth of crypto was moved to a new address.
It said Tornado Cash – a fully decentralised protocol for private transactions on Ethereum – was used.
“The suspicious address has already swapped $PEPE (Pepe), $GALA (Gala), and $USDT (Tether) to $ETH (Ether) and continues to swap other digital assets,” Cyvers wrote.
Hindustan Times quoted transactional data as showing that the thief was selling the stolen cryptos on the Uniswap on-chain exchange.
TechCrunch quoted risk-management platform Elliptic as saying that the hackers were ‘affiliated’ with North Korea.
Economic Times cited experts as saying that the cybercriminal group Lazarus could be behind this attack.
This group has previously executed some of the biggest crypto hacks in the world.
Victims have not got their funds back because the group did not negotiate.
Aditya Singh, a crypto watcher and influencer, told Economic Times, “If that’s true, the bad news is they do not cooperate, will never be held legally accountable, and are efficient with laundering.”
“The freeze on 50% of WazirX’s assets is a pretty serious situation,” Singh added.
What is the company doing?
As per NDTV, the company has announced a reward of $23 million for anyone who helps retrieve the stolen funds.
WazirX has asked white hat hackers, blockchain forensics experts, and cybersecurity professionals to join the recovery efforts.
“This could potentially amount to $23 million, making it one of the largest bounties ever offered in the crypto industry,” the exchange said in a statement, as per NDTV.
“Our foremost goal is to recover the stolen funds. This bounty programme is designed to tap into the expertise of the community to achieve this critical objective,” WazirX founder Nischal Shetty said.
The company has also temporarily paused trading.
WazirX posted on social media: “The cyber attack theft has impacted our ability to maintain 1:1 collaterals with assets, and we’ve temporarily paused trading. We’re conducting thorough forensic data examination and security audit procedures and working to enable withdrawals soon. User safety remains our top priority. Thank you for your patience and support during this challenging time. We will continue to provide regular updates.”
The leaders of other crypto exchanges sought to reassure customers.
CoinSwitch co-founder Ashish Singhal wrote on social media, “We are aware of the recent security breach on the WazirX platform. We want to assure our users that their funds on CoinSwitch are secure and unaffected by this incident. We advise all our crypto investors to be mindful of potential market volatility during this time and exercise caution in their trading and investment activities.”
Sumit Gupta, co-founder of CoinDCX, said, “In light of the recent #WazirX breach, we want to reassure all CoinDCX users that your assets are safe and not impacted in any manner. Our wallet security remains robust.”
Mudrex CEO Edul Patel said, “We conduct regular audits to ensure a 1:1 ratio of funds. Additionally, our codebase goes through extensive scrutiny and review at many layers to ensure our tech infrastructure is immune to such exploits.”
But others are not so sanguine.
Mudit Gupta, a blockchain security researcher and chief information security officer at OxPolygon Labs, wrote on X, “RIP WazirX. Brace for another ‘crypto ban’ in India. Centralised exchanges are literally the opposite of decentralised finance and cryptocurrencies, but the politicians will use this hack to throw dirt at crypto. If you don’t understand it, ban it.”
With inputs from agencies