WazirX, India's most popular crypto exchange, was allegedly hacked by unknown persons who stole an enormous sum of $234 million (Rs 2000 crore), amounting to half of its investors' funds.
Since the incident, WazirX has halted all transactions including withdrawals and offered a bounty worth $23 million to retrieve the stolen funds.
As per WazirX owners, the breach occurred due to a signature compromise of their multisig wallet.
While the exchange itself claims that the hack happened due to signature theft, that claim quietly fails to address the possibility of an insider attack. ZachXBT, a prominent blockchain security researcher, on the other hand points out that the hacker entity is none other than the infamous Lazarus group.
Whoever the hacker entity is, one thing is certain: the hack was preplanned, as the hacker's address was found to have been rehearsing the attack for a week beforehand.
In this article, we will discuss the exact cause behind the breach and what could have been done to potentially avoid the hack.
WazirX Hack: How did it happen?
The attack on the WazirX exchange exploited a discrepancy between the transaction data shown on Liminal's interface and the transaction that was actually signed. The compromised WazirX multisig wallet was configured with six signatories: five from WazirX and one from Liminal. Sending a transaction from the wallet required a minimum of three approvals from the WazirX signatories and a final approval from Liminal's signatory.
Despite these robust security measures and an address whitelisting policy, the attackers managed to manipulate the transaction data during the approval process. They replaced the transaction payload, altering the actual contents of the transactions while maintaining the appearance of legitimacy on Liminal's interface.
This trick allowed the hackers to obtain the necessary approvals from the signatories, who believed they were authorizing legitimate transactions. As a result, the altered transactions were executed and millions of dollars' worth of ERC-20 tokens were transferred to the attackers' addresses. These transactions bypassed every intended security protocol and resulted in a loss of over $234 million.
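As an added illustration (not code from WazirX, Liminal or this article), the following Python models the approval flow just described: a signer who applies the whitelist to what the interface displays approves a substituted payload, while a signer who checks the payload the key is actually about to sign rejects it. All addresses, signer names and amounts are constructed placeholders.

```python
import hashlib
import json

# Constructed model of the 3-of-5 exchange + 1 custodian approval flow;
# an added example, not WazirX's or Liminal's code. Values are placeholders.
WHITELIST = {"0xWHITELISTED_DEST"}   # the wallet's whitelisted destination
EXCHANGE_SIGNERS = ["wx1", "wx2", "wx3", "wx4", "wx5"]
CUSTODIAN_SIGNERS = ["custodian1"]
EXCHANGE_THRESHOLD = 3   # three exchange approvals ...
CUSTODIAN_THRESHOLD = 1  # ... plus the custodian's final approval

# What the interface showed the signers (constructed sample).
DISPLAYED = {"to": "0xWHITELISTED_DEST", "token": "ERC20", "amount": 1000}
# What the signing keys were actually asked to sign (constructed sample).
SUBSTITUTED = {"to": "0xATTACKER_DEST", "token": "ERC20", "amount": 1000}


def tx_hash(tx: dict) -> str:
    """Canonical digest of a transaction payload (sorted-key JSON, SHA-256)."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).hexdigest()


def approve_trusting_display(displayed: dict, actual: dict) -> bool:
    """Weak signer: applies the whitelist to what the interface shows."""
    return displayed["to"] in WHITELIST


def approve_verifying_payload(displayed: dict, actual: dict) -> bool:
    """Hardened signer: compares the digest of the payload the key will sign
    with the digest of what is displayed, then whitelists the real payload."""
    if tx_hash(actual) != tx_hash(displayed):
        return False  # interface and signed payload disagree: refuse to sign
    return actual["to"] in WHITELIST


def run_approval(displayed: dict, actual: dict, policy) -> bool:
    """True when enough signers approve for the wallet to execute `actual`."""
    exchange_ok = sum(policy(displayed, actual) for _ in EXCHANGE_SIGNERS)
    custodian_ok = sum(policy(displayed, actual) for _ in CUSTODIAN_SIGNERS)
    return (exchange_ok >= EXCHANGE_THRESHOLD
            and custodian_ok >= CUSTODIAN_THRESHOLD)


if __name__ == "__main__":
    print("display-trusting signers execute substituted tx:",
          run_approval(DISPLAYED, SUBSTITUTED, approve_trusting_display))
    print("payload-verifying signers execute substituted tx:",
          run_approval(DISPLAYED, SUBSTITUTED, approve_verifying_payload))
```

The hardened signer only works if every signer verifies independently of the interface; a threshold met by display-trusting signers still executes the substituted payload.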
The Blame Game
The dispute between WazirX and Liminal over this $234 million exploit has drawn significant attention from the crypto community. The two firms have begun a blame game, each accusing the other of security failures.
The victim, WazirX, claims that Liminal failed in its duty to secure the funds, alleging that Liminal's security mechanisms were inadequate and did not prevent the exploit. In response, Liminal countered WazirX's accusations and pointed towards the exchange's internal systems and protocols. Liminal asserts that the exploit was the result of vulnerabilities within WazirX's own infrastructure and that WazirX did not maintain the security practices that could have prevented such an incident.
The fallout from this incident not only affects the relationship between WazirX and Liminal but also raises broader concerns about the security of cryptocurrency exchanges and custodial services. The incident serves as a stark reminder of the potential risks and the need for enhanced security protocols in the rapidly evolving world of digital assets.
WazirX Launches 10% Bounty
Following the attack, the WazirX team officially announced a bounty program with rewards totaling up to $23 million. It includes two main initiatives: the "Track & Freeze Bounty" and the "White Hat Recovery Bounty."
The “Track & Freeze Bounty” offers up to $10,000 in USDT for information leading to the freezing of the stolen funds. Participants must either freeze the funds themselves or provide sufficient evidence to WazirX to enable them to do so. Non-actionable information or unsuccessful freezing attempts will not be rewarded.
The "White Hat Recovery Bounty" incentivizes the return of the stolen funds with a reward of 10% of the recovered amount. Initially set at 5%, the reward was later increased on ZachXBT's recommendation. This bounty is available to anyone who helps return the funds to a specified ERC20 wallet address. The reward will be paid only after WazirX successfully receives the stolen assets.
Insider or Lazarus Group?
Since many hacking incidents within the crypto space involve an insider, the same suspicion could also apply in the WazirX case. As noted above, of the six signatories, five were assigned to the WazirX team while one belonged to the custodian. The odds of a security breach therefore lean more towards the team, as its signatories account for 75% of the approvals a transaction needs to succeed.
However, several security analysts and research firms claim that the pattern of the hack matches that of the infamous Lazarus group from North Korea. The nature of the attack suggests professional hackers who understood every part of the approval process. Moreover, the first address that interacted with the WazirX multisig was funded from Tornado Cash, which implies that the hackers had been involved in similar activity before.
Conclusion
The security breach at WazirX has resulted in half of its investors' funds vanishing into thin air!
The incident could have disastrous repercussions for the Indian crypto landscape, which is already reeling under an unpleasant tax structure. Whether or not WazirX will be able to retrieve the stolen funds will be an interesting development to watch.