Indian crypto exchange WazirX has announced a temporary pause on all trading after a security breach led to the loss of $230m in funds.
WazirX Statement
The exchange, acknowledging the attack in a statement posted on X (formerly Twitter) and on its website, reported that the cryptocurrency hack was carried out from one of its multi signature wallets. A multi signature wallet, also known as a multisig wallet, typically requires two or more private keys to validate any transactions. It is unclear how the intruders managed to bypass this security feature.
Explaining further, the exchange said the affected ethereum wallet was heavily protected by six signatories. Of the six signatories, five were with the WazirX team and the other signatory from Liminal. The statement added that, “The cyber-attack stemmed from a discrepancy between the data displayed on Liminal’s interface and the transaction’s actual contents.” The affected wallet was said to have been using Liminal’s digital asset custody and wallet infrastructure since February 2023.
Liminal Statement
Liminal put out a statement of their own clarifying that the compromised wallet was not created within their platform, and that their system was not affected by the breach. They reassured their customers that all wallets within their system were safe.
According to an asset management proof-of-reserves report provided by the WazirX in June, it had about $500 million. Official statement is calling the security breach “a force majeure event”.
WazirX, which suspended customer withdrawals earlier in the week, also claimed that the attack has affected its ability to maintain the crucial 1:1 required collateral ratio with assets. They listed a number of measures already taken which includes filing an online police complaint, reaching out to more than 500 exchanges to block identified addresses, engaging with cybersecurity experts to help in the recovery efforts. Other steps yet to be taken include working on enabling withdrawals, further updates and analysis (which is ongoing).
They urged all their customers to note the affected wallet address— 0x27fD43BABfbe83a81d14665b1a6fB8030A60C9b4, to be vigilant against impersonating scam bots and to report all cases of impersonator messages to the appropriate authorities.
Some of the gloom has been punctuated by the news coming out of CoinSwitch and CoinDCX, both of which are affiliated with WazirX, that their customers have not been impacted by the breach.
$23 Million Recovery Reward
Meanwhile, WazirX has put out a reward program of up to $23 million for anyone who's able to help the firm recover its assets lost to the cryptocurrency hack. Elliptic, a risk management platform, claimed last week that its analysis had discovered the attacker has links to North Korea. Let's hope these assets are recovered like XCarnival did when they suffered a similar breach.
Cryptocurrency hacks on exchanges is always a gloomy subject, but it is believed WazirX has approached the issue with the respect and the urgency it requires. It is hoped that these measures being taken will lead to a resolution that will prioritize the interests of all stakeholders. If cryptocurrency is expected to become what many experts have predicted it to become in the coming years, then it is imperative that unfortunate events like this one are brought to a minimum, if not completely eradicated.