Insights by: John Parsaie & Sumit Kochar
India’s largest cryptocurrency exchange WazirX launches bug bounty program “to help recover the stolen funds” as cybercriminals stole $240 million worth of crypto last week. Learn more about the hack, how it raises concerns about exchange security and the potential impact on the Indian crypto market.
In a major blow to the Indian cryptocurrency landscape, Binance-owned WazirX, the country’s biggest crypto exchange, suffered a cyberattack resulting in the theft of over $240 million worth of investor funds, representing nearly half of its estimated reserves.
It is suspected that the notorious Lazarus Group, allegedly backed by North Korea, may be behind the attack. The group is known for targeting crypto exchanges and rarely returns stolen funds.
The stolen cryptocurrencies include ETH ($52.5 million), USDT ($5.79 million), PEPE ($7.6 million), GALA ($3.5 million), MATIC ($11.24 million), and SHIB ($112 million). This caused a 25% drop in the price of the platform’s native token WRX.
The attack, first reported by Blackwater International, and later confirmed by WazirX on 18 July, targeted a single multi-sig wallet on the Ethereum network.
Multi-sig is a crypto storage solution requiring multiple signatures for withdrawals. This wallet was operated via “Liminal’s digital asset custody and wallet infrastructure from February 2023,” and required approvals from six signatories, including five from WazirX and one from Liminal.
Preliminary investigations by Blackwater International suggest the attack stemmed from a discrepancy between the transaction's actual contents and the data displayed on Liminal's interface: the signatories approved what the interface showed them, but the payload actually signed did not match it, which suggests the payload was replaced with one that transferred control of the wallet to the attacker. By altering the transaction in this way, the attackers bypassed the multi-sig approval process despite the strong security controls in place.
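The failure described above is that signers approved a displayed transaction while the bytes they signed said something else. The defence a practitioner would want is for each signer to recompute the digest locally from the fields shown on screen and refuse to sign anything whose hash differs. The following is an added illustration written for this page; it is not code from WazirX, Liminal or the article, and the addresses, field names, the JSON encoding and the `operation` flag are all constructed assumptions standing in for a real wallet's transaction format.

```python
"""Independent digest check for multi-sig approvals (constructed example, not vendor code)."""
import hashlib
import json

# Fields a signer reviews on screen before approving. Sample values are constructed.
DISPLAYED_TX = {
    "to": "0x1111111111111111111111111111111111111111",  # hypothetical legitimate destination
    "value": "1000000000000000000",                       # 1 ETH in wei
    "data": "0x",                                         # plain transfer, no calldata
    "operation": 0,                                       # 0 = CALL (assumed encoding)
    "nonce": 42,
}


def canonical_encode(tx: dict) -> bytes:
    """Deterministic encoding (sorted keys, no whitespace) so every signer hashes identical bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def tx_digest(tx: dict) -> str:
    """Digest a signer computes locally from the fields actually shown on screen."""
    return hashlib.sha256(canonical_encode(tx)).hexdigest()


def should_sign(displayed: dict, payload_offered: bytes) -> bool:
    """Approve only if the payload the signing backend presents hashes to the local digest.

    A signer who instead trusts the hash printed by the interface has no way to notice
    that the displayed fields and the signed bytes have diverged.
    """
    return hashlib.sha256(payload_offered).hexdigest() == tx_digest(displayed)


def diff_fields(displayed: dict, payload_offered: bytes) -> dict:
    """Report which fields differ between the displayed transaction and the offered payload."""
    actual = json.loads(payload_offered)
    keys = set(displayed) | set(actual)
    return {k: (displayed.get(k), actual.get(k)) for k in keys if displayed.get(k) != actual.get(k)}


# Honest case: the backend offers exactly what was displayed.
LEGIT_PAYLOAD = canonical_encode(DISPLAYED_TX)

# Substituted case (constructed): same nonce and value shown, but destination and calldata
# have been swapped for attacker-chosen values before reaching the signer.
TAMPERED_PAYLOAD = canonical_encode({
    **DISPLAYED_TX,
    "to": "0x2222222222222222222222222222222222222222",  # hypothetical attacker address
    "data": "0xdeadbeef",                                 # hypothetical attacker calldata
})


if __name__ == "__main__":
    print("legit payload approved:   ", should_sign(DISPLAYED_TX, LEGIT_PAYLOAD))
    print("tampered payload approved:", should_sign(DISPLAYED_TX, TAMPERED_PAYLOAD))
    print("changed fields:", diff_fields(DISPLAYED_TX, TAMPERED_PAYLOAD))
```

The point of `should_sign` is that the comparison happens on the signer's side using data the signer reviewed, not a hash handed over by the same interface that could have been compromised. In a real deployment the canonical encoding would be the wallet contract's own hashing scheme rather than JSON, and the check would ideally run on a hardware signer that decodes and displays the fields itself.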
Crypto sleuth ZachXBT revealed in a Telegram post that the attackers’ address has over $104 million to dump, mainly holding $100 million in Shiba Inu, $4.7 million in FLOKI, $3.2 million in Fantom, $2.8 million in Chainlink, and $2.3 million in Fetch.ai. The remaining funds are split among various tokens.
The platform has temporarily halted rupee and crypto withdrawals while investigations are underway and is attempting to recover the stolen funds. Liminal, however, claims there was no breach within its own systems.
The incident raises questions about multi-sig security protocols, and in particular about whether signers can trust that what they see in a custody interface is what they are actually signing. The full impact of the attack remains to be seen, but it has undoubtedly shaken investor confidence and could have a chilling effect on the Indian crypto market. Regulatory bodies and other exchanges are likely to scrutinize the details of the attack, and stricter security protocols and regulations may emerge in its aftermath.