- Incident Overview: Cyber attack on a multisig wallet with losses over $230 million.
- Wallet Configuration: Six signatories, including five from WazirX and one from Liminal.
- Breach Mechanics: Mismatch between displayed data and transaction contents on Liminal’s interface.
- Response Measures: Efforts underway to recover funds, including blocking deposits and reaching out to wallets.
Cyber Attack Exposes WazirX Wallet to $230 Million Loss
WazirX has been hit by a cyber attack that compromised one of its multisig wallets, resulting in a staggering loss of over $230 million. Here’s a detailed look into what happened, how it happened, and what steps are being taken to mitigate the damage.
Incident Overview
WazirX, a prominent cryptocurrency exchange, recently faced a major security breach involving one of its multisig wallets. The wallet, secured through Liminal’s digital asset custody and wallet infrastructure since February 2023, experienced a cyber attack that led to the loss of funds exceeding $230 million.
Wallet Configuration and Breach Mechanics
The compromised wallet was secured using a multisig configuration with six signatories—five from WazirX and one from Liminal. Transactions required approval from three WazirX signatories using Ledger Hardware Wallets, followed by a final approval from Liminal’s signatory. To enhance security, a whitelisting policy for destination addresses was in place, allowing transactions only to pre-approved addresses facilitated by Liminal.
Despite these security measures, the breach occurred due to a critical discrepancy. The data displayed on Liminal’s interface did not match the actual transaction contents. This mismatch suggests that the attackers may have replaced the payload, transferring control of the wallet to themselves.
Nature of the Cyber Attack
The attack exploited a vulnerability in the transaction verification process. While WazirX and Liminal had robust security features, including the Gnosis Safe multisig smart contract platform and strict whitelisting policies, the attackers found a way to manipulate the system. During the cyber attack, the information shown on Liminal’s interface differed from what was signed, indicating a sophisticated payload replacement.
Security Measures and Response
The sophisticated nature of this cyber attack managed to bypass these safeguards. In response to the breach, WazirX has taken several actions:
- Blocking a few deposits to prevent further losses.
- Reaching out to affected wallets in an attempt to recover the stolen funds.
- Engaging top cybersecurity experts to assist in the recovery efforts.
The affected WazirX wallet address is 0x27fD43BABfbe83a81d14665b1a6fB8030A60C9b4. WazirX urges the community to stay vigilant and report any suspicious activities related to this address.
