The exchange came forward to explain what happened

WazirX, India's largest cryptocurrency exchange, suffered a major security breach yesterday (7/18) afternoon, resulting in losses of more than $235 million. WazirX disclosed details of the attack on its official X account, revealing that the wallet that was attacked was a multi-signature wallet managed through the digital asset custody and wallet infrastructure provided by Liminal. The wallet had been in use since February 2023 and was designed with multiple layers of security measures to protect user assets.

Source: Cyvers Alerts. The on-chain monitoring platform discovered the anomalies and calculated the loss to exceed $235 million.

According to WazirX, the multi-signature wallet has six signers, five from WazirX and one from Liminal. A transaction requires the signatures of any three of the WazirX signers, all of whom use Ledger hardware wallets for extra security, and must then be approved by Liminal's signer. WazirX stated that the attacker took advantage of a discrepancy between the actual transaction details and the data displayed on the Liminal interface, modified the transmitted transaction data and thereby gained control of the wallet.

The attack occurred despite the fact that the multi-signature wallet uses advanced security features such as Gnosis Safe and Liminal's whitelisting policy. WazirX has taken immediate steps to mitigate the damage, including blocking deposits and contacting affected wallets to recover the stolen funds. A spokesman for the exchange said: "This is a force majeure event beyond our control, but we will spare no effort to find and recover the funds. We have frozen some deposits and contacted relevant wallets for recovery. We are contacting the best resources to come help us achieve this goal."
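The failure mode described above is a gap between what the custody interface displays and what the hardware wallet actually signs. As an added example (not code from WazirX, Liminal or Gnosis Safe), the following Python script shows the check a signer can run before approving: decode the raw payload independently, compare it with the UI's description of the transaction, and enforce the destination whitelist. All addresses, amounts and the payload are constructed sample data, and the check only understands plain ERC-20 transfer() calls.

```python
"""Pre-signing check for a multisig transaction payload (added example).

A signer independently decodes the raw payload their hardware wallet is about
to sign and compares it with what the custody UI claims the transaction does.
Addresses, amounts and the payload below are constructed sample data.
"""

# keccak256("transfer(address,uint256)")[:4], the ERC-20 transfer selector
SELECTOR_TRANSFER = "a9059cbb"
OP_CALL, OP_DELEGATECALL = 0, 1            # Safe-style operation codes
UI_OPS = {"CALL": OP_CALL, "DELEGATECALL": OP_DELEGATECALL}

# Constructed sample addresses (not real contracts or wallets)
TOKEN = "0x" + "aa" * 20
TREASURY = "0x" + "bb" * 20                # the only whitelisted destination
ATTACKER = "0x" + "cc" * 20


def encode_transfer(recipient: str, amount: int) -> str:
    """ABI-encode transfer(recipient, amount); used only to build sample data."""
    addr_word = recipient[2:].lower().rjust(64, "0")
    amount_word = format(amount, "x").rjust(64, "0")
    return "0x" + SELECTOR_TRANSFER + addr_word + amount_word


def decode_erc20_transfer(data: str):
    """Return (recipient, amount) for a well-formed transfer() call, else None."""
    hexdata = data[2:] if data.startswith("0x") else data
    if len(hexdata) != 8 + 64 + 64 or hexdata[:8].lower() != SELECTOR_TRANSFER:
        return None
    addr_word, amount_word = hexdata[8:72], hexdata[72:136]
    # The 12 high bytes of an address word must be zero; anything else is a
    # malformed payload and must not be silently accepted.
    if addr_word[:24] != "0" * 24:
        return None
    return "0x" + addr_word[24:].lower(), int(amount_word, 16)


def verify_before_signing(raw_tx: dict, ui_view: dict, whitelist) -> list:
    """Compare the raw payload with the UI's description of it.

    Returns a list of discrepancies; an empty list means the payload does
    exactly what the interface says it does.
    """
    findings = []
    if raw_tx["operation"] != UI_OPS[ui_view["operation"]]:
        findings.append("operation code differs from the operation shown in the UI")
    if raw_tx["value"] != 0:
        findings.append(f"payload also sends {raw_tx['value']} wei of native coin")
    if raw_tx["to"].lower() != ui_view["token"].lower():
        findings.append("target contract differs from the token shown in the UI")
    decoded = decode_erc20_transfer(raw_tx["data"])
    if decoded is None:
        findings.append("payload is not a well-formed ERC-20 transfer()")
        return findings
    recipient, amount = decoded
    if recipient != ui_view["recipient"].lower():
        findings.append(f"recipient {recipient} differs from UI recipient {ui_view['recipient']}")
    if amount != ui_view["amount"]:
        findings.append(f"amount {amount} differs from UI amount {ui_view['amount']}")
    if recipient not in {a.lower() for a in whitelist}:
        findings.append(f"recipient {recipient} is not on the whitelist")
    return findings


WHITELIST = [TREASURY]
# What the interface shows the signer: a 10,000-unit transfer to the treasury.
UI_VIEW = {"token": TOKEN, "recipient": TREASURY, "amount": 10_000, "operation": "CALL"}

# Payload that matches the UI view.
HONEST_TX = {"to": TOKEN, "value": 0, "operation": OP_CALL,
             "data": encode_transfer(TREASURY, 10_000)}
# Same UI view, but the transmitted payload was altered to pay another address.
TAMPERED_TX = {"to": TOKEN, "value": 0, "operation": OP_CALL,
               "data": encode_transfer(ATTACKER, 10_000)}

if __name__ == "__main__":
    for name, tx in (("honest", HONEST_TX), ("tampered", TAMPERED_TX)):
        problems = verify_before_signing(tx, UI_VIEW, WHITELIST)
        print(name, "-> OK to sign" if not problems else "REFUSE: " + "; ".join(problems))
```

The point of the design is that the comparison never trusts the interface's rendering: the recipient, amount, operation type and whitelist membership are all re-derived from the bytes that will be signed, so a payload that was altered in transit is refused even when the screen looks correct.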

Source: X. After the attack, WazirX published a post explaining the ins and outs of the incident.

What impact will this hacker attack have on users?

The WazirX incident has left users worried about the security of their funds. In the attack, the hackers stole multiple cryptocurrencies including Shiba Inu ($SHIB), Ethereum ($ETH), Polygon ($MATIC) and others, with a total value of more than $235 million. According to the proof-of-reserves report released by WazirX in June 2024, the exchange's total holdings were worth $503.64 million, so the amount lost in this incident accounts for nearly 50% of its total holdings. WazirX therefore announced immediately after the incident that it had suspended all withdrawals, leaving users unable to withdraw their assets.

Source: X. After the incident, WazirX immediately announced that it had suspended all withdrawals.

In addition, according to a report by the foreign media outlet The Crypto Times, WazirX's most recently revised privacy policy, dated March 18, 2019, sets out strict conditions for liability and dispute resolution after major security breaches, granting the exchange immunity from liability for most forms of damages except in cases of gross negligence, fraud, willful misconduct or willful violation of the law. This means that unless one of these conditions is met, affected users cannot seek compensation for losses such as data breaches, financial impact or other consequential losses, and affected users must also observe a 60-day waiting period before they can take legal action against the platform if necessary.

All of the above triggered market panic, and the price of WazirX's $WRX token dropped sharply, while the other stolen tokens were also affected to varying degrees. Although WazirX has promised to work hard to recover the funds, there is currently no guarantee that users will get back all of the stolen assets, leaving them facing significant economic uncertainty.

Image source: TradingView. WazirX's $WRX token price fell sharply after the incident.

Hackers continue to sell tokens, causing market panic and price drops for some tokens

According to on-chain data analysis, the hackers quickly transferred a large number of the stolen tokens to different wallet addresses after the attack, and sold a variety of them, including $SHIB and Ethereum, on the decentralized exchange Uniswap. This caused a significant drop in the price of the affected tokens: for example, the $SHIB price dropped by more than 10% in 24 hours, while the $WRX token price dropped by approximately 12.97%.

Source: Lookonchain. Lookonchain published the total amount of tokens the hackers obtained from WazirX in this incident.

In addition, to show off their success, the hackers minted a token named "I Hacked WazirX" and sent it to Ethereum founder Vitalik Buterin. This move was not for financial gain; the hackers did not ask WazirX for a bounty or ransom, but simply demonstrated their capabilities brazenly to the outside world.

Source: Etherscan. To show off their success, the hackers minted an "I Hacked WazirX" token.

Arkham launched a bounty program so that everyone can help track this incident on-chain

To speed up the tracking and identification of the hackers, the blockchain security platform Arkham has launched a bounty program offering 5,000 $ARKM tokens to anyone who can provide clues to the hackers' identity or help recover the funds. The aim is to mobilize the global blockchain community to jointly respond to this attack.


Well-known on-chain detective ZachXBT has already provided evidence pointing to a KYC-verified deposit address at a centralized exchange that is linked to the hacker, showing the community's spirit of unity and cooperation in the face of such incidents. However, because ZachXBT submitted so quickly (ZachXBT submitted at 18:00 on July 18, only 8 minutes after Arkham's announcement at 17:52), he was ridiculed by netizens: "Sometimes it makes people think that you carried out the hack yourself."

Source: ZachXBT. ZachXBT submitted evidence identifying a KYC-verified centralized exchange deposit address for Arkham's bounty program.

The hackers are suspected to be North Korea’s Lazarus Group

According to the evidence provided by ZachXBT, together with an investigation by blockchain analytics firm Elliptic, the attack was likely carried out by the Lazarus Group, which is linked to North Korea. The group has carried out multiple attacks on the cryptocurrency industry over the past few years and has illegally obtained more than $3 billion in funds. The Lazarus Group typically uses privacy tools such as Tornado Cash to hide the trail of its transactions, and the WazirX attack is no exception.

In addition, Mudit Gupta, chief information security officer of Polygon Labs, said that the hackers began on-chain preparations at least eight days before the attack, indicating a well-planned operation.

Image source: X. Mudit Gupta, chief information security officer of Polygon Labs, said this was a well-planned attack.

For more on the activities of the North Korean hacker group Lazarus, see these past articles from "CryptoCity":

  • The most rampant coin-stealing group in history? What is the Lazarus hacker group? 3 pictures to understand its money laundering tactics

  • The on-chain detective speaks out! Was the theft from Japan's DMM exchange all the work of North Korean hackers?

Hackers have caused serious damage to the crypto industry

Hacking attacks have caused serious damage to the cryptocurrency industry, not only directly causing users to lose funds but also triggering market panic and undermining the price stability of the affected tokens. The WazirX incident has once again underlined the urgency of security issues at cryptocurrency exchanges.

As events develop, the Indian government may tighten supervision of the cryptocurrency industry, which may further affect future investment opportunities and trading behavior. Users need to choose trading platforms more carefully and keep a close eye on each platform's security measures and on regulatory developments.

This incident has taught the industry a profound lesson, reminding all participants to strengthen their security precautions and protect user assets from such attacks.