Monday, November 18

WazirX, the Indian cryptocurrency exchange, has finally opened up about the recent breach and disclosed details of the significant cyber attack on one of its multisig wallets, resulting in a loss exceeding $230 million. 

WazirX has revealed on the X that the breach affected a multisig wallet that was managed with the help of Liminal’s digital asset custody and wallet infrastructure. This wallet has been in use since February 2023 and was designed with multiple layers of security to protect customer assets.

The incident involved a loss of funds exceeding $230 million, raising serious concerns about the security of digital asset custody. In the post company also mentioned that the affected WazirX wallet  address which is starting from ‘0x27fD43..’

The compromised wallet had six signatories: five from WazirX and one from Liminal. Transactions required approval from three WazirX signatories, all of whom utilized Ledger Hardware Wallets for added security, followed by final approval from Liminal’s signatory.

The post added, “These whitelisted addresses were earmarked and facilitated on the interface by Liminal; consequently, the WazirX team had the ability to initiate transactions to the said whitelisted addresses.”

According to WazirX, the attack took advantage of a mismatch in data between the transaction details and what was displayed on Liminal’s interface. It is believed that the cybercriminals got around the security protocols by changing the payload to take possession of the wallet.

Despite the sophisticated security features, including the Gnosis Safe multisig smart contract platform and Liminal’s whitelisting policy, the breach occurred. WazirX has taken immediate steps to mitigate the damage by blocking deposits and contacting affected wallets to recover the stolen funds. The company is collaborating with top experts to address the situation and recover the assets.

WazirX has assured its community that it is doing everything possible to rectify the situation. The exchange is committed to transparency and will provide further updates as the investigation progresses. 

WazirX said, “This is a force majeure event beyond our control, but we are leaving no stone unturned to locate and recover the funds. We have already blocked a few deposits and reached out to concerned wallets for recovery. We are in touch with the best resources to help us in this endeavor.”

Also Read: WazirX Users Can Not Take Any Legal Action For 60 Days



Share.