Heaptalk, Jakarta — Indian cryptocurrency exchange WazirX experienced a terrible security breach. A cyber attack occurred in one of its multisig wallets, resulting in a loss of funds exceeding US$230 million. Consequently, the crypto exchange will temporarily suspend Indian rupee (INR) and crypto withdrawals to protect user funds while investigating the incident.
“This cyber attack stemmed from a discrepancy between the data displayed on Liminal’s interface and the transaction’s contents. During the cyber attack, there was a mismatch between the information displayed on Liminal’s interface and what was signed. We suspect the payload was replaced to
As is known, a Multisig wallet is a type of crypto wallet that requires two or more private keys to authenticate and confirm transactions before processing. Every transaction carried out by the attacker is known to be funded by the privacy mixer Tornado Cash. Approximately US$234.9 million was moved to a new address with domain 0x04b2. As a result, the hacker exchanged PEPE, GALA, and USDT into ETH and continued to exchange other crypto assets.
According to Coinvestasi, The crypto assets in the wallet address primarily consist of US$91 million (SHIB), US$25 million (ETH), US$7 million (MATIC), US$3.6 million (FLOKI), and other altcoins worth millions.
Nevertheless, WazirX implemented security features, including the Gnosis Safe multisig intelligent contract platform and Liminal’s whitelisting policy. Despite taking all necessary measures to protect the customer assets, the cyber attackers appear to have possibly breached such security features, and the theft occurred.
“This is a force majeure event beyond our control, but we leave no stone unturned to locate and recover the funds. We have already blocked several deposits and contacted concerned wallets for recovery. We are familiar with the best resources to help us in this endeavor. While these are the findings from our preliminary investigation, we will keep you posted with further updates.”
Previously, Japan’s crypto exchange DMM Bitcoin lost about 4,502 Bitcoin (BTC), approximately US$306 million, after it was illegally leaked from its wallet on Friday (31/05). Nevertheless, the DMM Bitcoin exchange admitted that the team frequently controls customer assets daily and operates a cold wallet to ensure that up to 95% of its assets are stored in the cold wallet.
