India’s Largest Cryptocurrency Exchange WazirX Hacked: $234.9 Million Stolen

July 22, 2024

3 minute read

India’s largest cryptocurrency exchange WazirX launches bug bounty program “to help recover the stolen funds” as cybercriminals stole $234.9 million worth of crypto last week. Learn more about the hack, how it raises concerns about exchange security and the potential impact on the Indian crypto market.

In a major blow to the Indian cryptocurrency landscape, Binance-owned WazirX, the country’s biggest crypto exchange, suffered a cyberattack resulting in the theft of over $230 million worth of investor funds, representing nearly half of its estimated reserves.

Experts suspect the notorious Lazarus Group, allegedly backed by North Korea, may be behind the attack. The group is known for targeting crypto exchanges and rarely returns stolen funds.

The stolen cryptocurrencies include ETH ($52.5 million), USDT ($5.79 million), PEPE ($7.6 million), GALA ($3.5 million), MATIC ($11.24 million), and SHIB ($102 million). This caused a 25% drop in the price of the platform’s native token WRX.

The attack, first reported by Web3 security firm Cyvers Alert, and later confirmed by WazirX on 18 July, targeted a single multi-sig wallet on the Ethereum network.

🚨ALERT🚨Hey @WazirXIndia, Our system has detected multiple suspicious transactions involving your Safe Multisig wallet on the #ETH network.

A total of $234.9M of your funds have been moved to a new address. Each transaction’s caller is funded by @TornadoCash.

The suspicious… pic.twitter.com/4sajAwd4Hb
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) July 18, 2024

Multi-sig is a crypto storage solution requiring multiple signatures for withdrawals. This wallet was operated via “Liminal’s digital asset custody and wallet infrastructure from February 2023,” and required approvals from six signatories, including five from WazirX and one from Liminal.

Preliminary investigations suggest the attack resulted from a discrepancy between the transaction’s actual contents and the data displayed on Liminal’s interface leading to a mismatch between the signed and displayed information, suggesting the payload was replaced to transfer wallet control to an attacker. Hackers altered the transaction to bypass security measures and despite strong security systems, they managed to get through.

Crypto sleuth ZachXBT revealed in a Telegram post that the attackers’ address has over $104 million to dump, mainly holding $100 million in Shiba Inu, $4.7 million in FLOKI, $3.2 million in Fantom, $2.8 million in Chainlink, and $2.3 million in Fetch.ai. The remaining funds are split among various tokens.

The platform has temporarily halted rupee and crypto withdrawals while investigations are underway, and attempting to recover the stolen funds. However, Liminal, claims no breach within its system.

“We can confirm that Liminal’s platform is not breached and Liminal’s infrastructure, wallets and assets continue to remain safe,” the company noted.

Based on @zachxbt‘s feedback, we have increased the White Hat Recovery reward to 10%, i.e., up to $23 Million.

We invite white hat hackers, blockchain forensics experts, and cybersecurity professionals from around the world to join this critical mission and protect the integrity… https://t.co/WasoyJT5UX
— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 21, 2024

Nevertheless, the incident raises questions about multisig security protocols. The full impact of the attack remains to be seen, but it has undoubtedly shaken investor confidence and could have a chilling effect on the Indian crypto market. Regulatory bodies and other exchanges are likely to scrutinize the details of the attack, with stricter security protocols and regulations potentially emerging in its aftermath.

Readers can keep an eye on WazirX’s blog for updates and visit this link for information on the company’s newly launched first-ever bug bounty program to recover stolen funds.