Quick Take
- Indian crypto exchange WazirX was hacked today, resulting in a theft exceeding $230 million.
- To protect user assets, the exchange temporarily paused INR and crypto withdrawals.
WazirX, India’s leading crypto exchange, has confirmed a breach involving one of its multisig wallets. The attack resulted in a theft exceeding $230 million.
The breach was first flagged by Cyvers Alert, a cybersecurity firm, which noticed suspicious transactions early Thursday morning. According to Cyvers, an unknown party withdrew roughly $235 million worth of cryptocurrency from WazirX’s wallet, transferring these assets to a new address before converting them into Ethereum (ETH). Notably, the transactions were initiated by a caller funded by Tornado Cash, a mixing service that has been controversial due to its potential use in laundering activities.
Responding to the incident, WazirX took to its official X account to inform its users, stating: “We’re aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused.” The exchange assured its customers that it would provide updates as the situation evolves.
In latest update Wazirx said: “It appears that the security issue involves one of our Liminal multisig wallets. Our team is actively working on the matter.”
However, Liminal Custody later clarified that Liminal’s platform was not breached.
“Our preliminary investigations show that one of the self custody multi-sig smart contract wallets created outside of the Liminal ecosystem has been compromised. We can confirm that Liminal’s platform is not breached and Liminal’s infrastructure, wallets and assets continue to remain safe,” Liminal Custody said in an official statement. “It is also pertinent to note that all WazirX wallets created on the Liminal platform continue to remain secure and protected. Meanwhile, all the malicious transactions to the attacker’s addresses have occurred from outside of the Liminal platform.”
“Adhering to our rigorous security protocols, the Liminal team is also readily assisting the WazirX team as they carry out their investigation,” Liminal Custody added.
Gracy Chen, CEO of Bitget, commented on the situation: “We are closely monitoring the #WazirX hack and are ready to assist with tracking and freezing of stolen funds. We hope for a swift resolution and that no users suffer any losses.”
Chen also elaborated on the measures Bitget is taking:
“Our tech and security teams are currently working closely with our partners such as Chainalysis to monitor the flow of stolen assets. If any of the stolen assets interact with Bitget’s wallets, we will take immediate action. We are actively reaching out to the WazirX team to offer assistance and support.”
The incident raises critical questions about the security measures employed by crypto exchanges, particularly around multisig wallets which are designed to provide an extra layer of security. Multisig, or multi-signature, wallets require more than one key to authorize a transaction, theoretically enhancing the security against thefts.
This breach not only affects WazirX and its users but also casts a shadow on the safety of digital assets at a time when the industry is striving to achieve mainstream acceptance. Incidents like these exacerbate the trust issues faced by potential investors and call into question the robustness of security practices currently in place.
Note: This is a developing story. We will continue to update with the latest information as it becomes available.