Golden Finance reported that according to Beosin Alert monitoring and early warning, the Indian exchange wazirx was attacked. The attacker obtained the signature data of the exchange's multi-signature wallet administrator, modified the wallet's logical contract, and made the wallet execute the wrong logic to steal assets. Based on the attacker's attack behavior, it is speculated that the cause is the leakage of the administrator's private key of the multi-signature wallet. Beosin briefly analyzes the cause of the attack as follows: 1. The attacker deployed an attack contract, the function of which is to extract the token assets specified by this contract. 2. The attacker obtained the signature data of the wazirx multi-signature wallet administrator and modified the wallet's logical contract to the deployed attack contract. 3. The attacker submitted a token extraction transaction to the wazirx multi-signature wallet. Due to the mechanism of the proxy mode, the wallet contract will use delegatecall to call the relevant functions of the attack contract and transfer the wallet tokens. The flow chart of the stolen funds. At present, the hacker has transferred part of the funds to the Changenow and Binance exchanges.
Explore the lastest crypto news
⚡️ Be a part of the latests discussions in crypto
💬 Interact with your favorite creators
👍 Enjoy content that interests you
Email / Phone number