Major Security Breach at WazirX: Over $230 Million Stolen

In a significant blow to the Indian cryptocurrency landscape, WazirX has disclosed a major security breach that has resulted in the theft of over $230 million from one of its multi-sig wallets. The exchange has taken immediate action, suspending all withdrawals to safeguard the remaining assets and launching an intensive investigation into the breach.

WazirX revealed further information about the attack in a statement on X (formerly Twitter). The breach affected a wallet that had been using Liminal’s digital asset custody and wallet infrastructure since February 2023. This particular wallet was secured with multi-sig technology, requiring approvals from six signatories—five from WazirX and one from Liminal. To execute a transaction, three WazirX signatories and the Liminal signatory needed to approve it, and transactions were limited to pre-approved addresses.

How Did the Hack Happen?

The attackers managed to exploit a discrepancy between what was displayed on Liminal’s interface and the actual transactions taking place. By altering the transaction details, they gained control of the wallet, effectively bypassing the robust security measures in place.

WazirX's Response

Despite having strong security systems, WazirX admitted that the hackers were able to penetrate their defences. In response, the exchange has blocked any further deposits and is actively working to recover the stolen funds. WazirX has assured its users that it is fully committed to resolving the issue and has promised transparency throughout the process.

Statement from Liminal

Liminal, in an earlier statement, clarified that their system was not directly breached. They emphasized that the compromised wallet was created outside their platform and assured that all wallets within their system remain secure.

Understanding Multisig Wallets

Multisig (multi-signature) wallets require multiple private keys to approve transactions, adding an extra layer of security compared to single-signature wallets. However, in this incident, the attackers successfully bypassed these security measures, highlighting potential vulnerabilities even in advanced security setups.

WazirX is focused on recovering the stolen funds and enhancing its security protocols to prevent future breaches. The exchange has pledged to keep its users informed with updates as the investigation progresses. This incident underscores the importance of continuous vigilance and robust security practices in the ever-evolving landscape of cryptocurrency.

As WazirX works to resolve this critical issue, users are advised to stay updated through official channels and exercise caution in their transactions. The exchange's commitment to transparency and recovery efforts will be crucial in restoring trust and ensuring the security of its platform in the future.