On July 18, 2024, according to a Beosin Alert monitoring warning, the Indian exchange WazirX was attacked. The attacker obtained the signature data of the administrator of the exchange's multi-signature wallet, modified the wallet's logic contract, and made the wallet execute incorrect logic to steal assets. The funds involved exceed US$235 million.

Based on the attacker's behavior, the suspected cause is a leak of the private key of the multi-signature wallet's administrator. Beosin's brief analysis of the attack follows:

Attacker Address:

0x6eedf92fb92dd68a270c3205e96dccc527728066

Attacked address:

0x27fd43babfbe83a81d14665b1a6fb8030a60c9b4

First, the attacker deploys the attack contract:

0x27fd43babfbe83a81d14665b1a6fb8030a60c9b4

The function of this contract is to withdraw the token assets that the contract specifies.

In the second step, the attacker obtains the signature data of the WazirX multi-signature wallet administrator and changes the wallet's logic contract to the deployed attack contract.

The corresponding transactions are:

https://etherscan.io/tx/0x48164d3adbab78c2cb9876f6e17f88e321097fcd14cadd57556866e4ef3e185d

In the third step, the attacker submits a token withdrawal transaction to the WazirX multi-signature wallet. Because the wallet uses the proxy pattern, the wallet contract uses delegatecall to call the relevant functions of the attack contract, which transfer the wallet's tokens.
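The proxy mechanism in steps two and three, as an added toy model in Python (not WazirX's wallet code or Beosin's tooling): the wallet holds the assets while a stored pointer selects whose code runs, so a signer-side or monitoring check can simulate a pending action and flag any change to that pointer. All names, addresses and balances are constructed.

```python
import copy

PINNED_LOGIC = "0xLOGIC_AUDITED"  # constructed placeholder for the reviewed logic contract

def audited_logic(wallet, sender, args):
    # Expected withdrawal logic: only a wallet owner may move tokens.
    if sender not in wallet["owners"]:
        raise PermissionError("not an owner")
    token, to, amount = args
    wallet["balances"][token] -= amount
    return (token, to, amount)

def replaced_logic(wallet, sender, args):
    # Stand-in for a swapped-in logic contract: no owner check at all.
    token, to, _ = args
    amount, wallet["balances"][token] = wallet["balances"][token], 0
    return (token, to, amount)

CODE = {PINNED_LOGIC: audited_logic, "0xLOGIC_SWAPPED": replaced_logic}

def delegatecall(wallet, sender, args):
    # Proxy pattern: the code comes from wallet["logic"], but it runs
    # against the wallet's own storage and balances.
    return CODE[wallet["logic"]](wallet, sender, args)

def set_logic(wallet, new_logic, signatures):
    # Upgrade path: valid administrator signatures are the only gate.
    if len(set(signatures) & wallet["owners"]) < wallet["threshold"]:
        raise PermissionError("not enough signatures")
    wallet["logic"] = new_logic

def simulate_and_check(wallet, action):
    # Defensive check: run the pending action on a copy of the wallet state
    # and refuse it if the logic pointer would differ from the pinned value.
    trial = copy.deepcopy(wallet)
    action(trial)
    if trial["logic"] != PINNED_LOGIC:
        return f"ALERT: logic contract would change to {trial['logic']}"
    return "ok"

def new_wallet():
    # Constructed sample state for the model.
    return {"logic": PINNED_LOGIC, "owners": {"a", "b", "c"},
            "threshold": 2, "balances": {"SHIB": 1000}}
```

On a live chain the same comparison is made against the logic-contract address read from the wallet's storage, with an alert on any mismatch.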

Beosin Trace has tracked the stolen funds and charted their flow. At present, the hacker has transferred part of the funds to the ChangeNOW and Binance exchanges; 0xf92949ab576ac2f8dc9e4650e73db083f1f9cd9f is the hacker's deposit address on Binance.

In addition, the hacker transferred 801 billion SHIB to the address 0x35fe...745CA in the past two hours, with a value of up to 14.02 million US dollars, and is continuing to sell it in batches. Currently, the hacker address still holds 4.9 trillion SHIB, with a total value of 86.52 million US dollars.

Beosin Trace is continuing to track the stolen funds.

As one of the earliest blockchain security companies in the world to engage in formal verification, Beosin focuses on a full-ecosystem "security + compliance" business and has established branches in more than 10 countries and regions around the world. Its business covers code security audits before project launch, security risk monitoring and blocking during project operation, recovery of stolen assets, virtual asset anti-money laundering (AML), and compliance assessments that meet local regulatory requirements, offered as "one-stop" blockchain compliance products and security services.
