WazirX Hit With $230M Security Breach, Paused All Withdrawals

WazirX, one of India's leading cryptocurrency exchanges, halted all withdrawals on Thursday following a significant security breach which resulted in the loss of $230 million, nearly half of its reserves.

Over 200 different cryptocurrencies were stolen in the breach, according to Lookonchain. This included 5.43 billion SHIB tokens, over 15,200 Ethereum tokens, 20.5 million Matic tokens, 640 billion Pepe tokens, 5.79 million USDT, and 135 million Gala tokens. Risk-management platform Elliptic reported that the hackers appear to have affiliations with North Korea.

WazirX reported that the affected multisig wallet, which requires multiple private keys for transactions, had six signatories, five of whom were from the WazirX team. Liminal, a wallet infrastructure firm, stated that their preliminary investigation indicated the breach involved a wallet created outside their ecosystem.

“The cyber attack stemmed from a discrepancy between the data displayed on Liminal’s interface and the transaction’s actual contents,” WazirX explained in a statement. “During the attack, there was a mismatch between the information displayed on Liminal’s interface and what was actually signed. We suspect the payload was replaced to transfer wallet control to an attacker.”

The loss of $230 million is a severe blow to WazirX, which had reported holdings of approximately $500 million in its June proof-of-reserves disclosure. “This is a force majeure event beyond our control, but we are leaving no stone unturned to locate and recover the funds. We have already blocked a few deposits and reached out to concerned wallets for recovery. We are in touch with the best resources to help us in this endeavor,” the company posted on X.