The cyberattack on India’s biggest cryptocurrency exchange WazirX has sent shockwaves through the crypto community. The WazirX hack on July 19, 2024, highlights the constant vigilance required in the face of evolving cyber threats.
With stolen funds exceeding $230 million, WazirX released a preliminary report detailing their findings on the compromised Safe Multisig wallet, the suspected attack method, and their ongoing efforts to recover the stolen funds.
Layers of Safe Multisig Wallet’s Security Bypassed: Report
The security breach of WazirX was first reported by Web3 security firm Cyvers Alerts which detected multiple suspicious transactions involving WazirX’s Safe Multisig wallet on the ETH network.
Cyvers Alerts also mentioned that around $234.9 million of funds in the Safe Multisig wallet had been moved to a new address, with each transaction’s caller funded by Tornado Cash, the decentralized protocol for private transactions.
Tornado Cash is a crypto mixing service that allows users to obfuscate the origin and destination of their cryptocurrency transactions, essentially adding a layer of anonymity.
WazirX’s preliminary investigation report reveals that the attackers targeted its Safe Multisig wallet which usually requires multiple approvals for any transactions. This particular wallet, operational since February 2023, leveraged Liminal’s digital asset custody and wallet infrastructure for added security.
Wallet Configuration and Breach Mechanics
The report dives into the security measures employed by the compromised wallet. It functioned with a multisig configuration involving six signatories – five from the WazirX team and one from Liminal.
To ensure additional security, transactions typically required approval from at least three WazirX signatories, each utilizing Ledger Hardware Wallets, a recognized security measure in the cryptocurrency space. Finally, a whitelisting policy restricted transactions to pre-approved addresses managed by Liminal’s interface.
Suspected Chink in the Armor: Discrepancy in Liminal’s Interface
Despite these seemingly robust security protocols, WazirX suspects a critical vulnerability within Liminal’s interface. The report highlights a potential discrepancy between the information displayed on the interface during transactions and the actual content of the signed transactions.
WazirX suggests that attackers may have exploited this gap. The report theorizes that the attackers might have replaced the transaction payload, essentially tricking the signatories into authorizing a malicious transaction that transferred control of the wallet to the attackers. This aligns with details from The Cyber Express article, which mentioned attackers bypassing the multisig approvals.
WazirX’s Response: A Race Against Time to Recover Funds
While acknowledging the attack, WazirX maintains that they implemented necessary steps to safeguard user assets. However, the attackers managed to exploit the suspected vulnerability. In response, WazirX claims to have taken swift action to mitigate further damage.
They have blocked suspicious deposits and are actively reaching out to potentially affected wallets to initiate recovery procedures. Additionally, they are collaborating with security experts to trace the stolen funds and apprehend the perpetrators.
Importance of Robust Security
While the preliminary report sheds light on the incident, several critical questions remain unanswered. A more comprehensive investigation is needed to determine the exact nature of the vulnerability in Liminal’s interface and how the attackers were able to exploit it.
Additionally, it’s vital to assess whether any internal security gaps within WazirX might have contributed to the breach. Furthermore, the effectiveness of WazirX’s recovery efforts will be a crucial factor in regaining user confidence.
The WazirX hack serves as a stark reminder of the ever-evolving cyber threats plaguing the cryptocurrency industry. It highlights the importance of multi-layered security measures, not only within cryptocurrency exchanges but also with third-party service providers like Liminal.
As investigations progress and more details emerge, we can expect to learn valuable lessons about the importance of robust cybersecurity protocols and the need for constant vigilance in the face of sophisticated cyberattacks.
