Indian cryptocurrency exchange platform WazirX has reported a major security breach involving Safe Multisig, one of its wallets, on Ethereum blockchain. The WazirX hack has reportedly caused a severe financial loss, estimated to be over $230 million as claimed by analysts.
In response to the cybersecurity incident, WazirX said it would temporarily suspend Indian Rupee (INR) and crypto withdrawals to protect user funds. The company also said that it is investigating the incident.
WazirX Hack in Detail: Funds Disappear into the Ether
The security breach of WazirX was first reported by Web3 security firm Cyvers Alerts on July 18, 2024 on its X (formerly Twitter) handle.
In its post, Cyvers Alerts warned, “ALERT🚨Hey @WazirXIndia, our system has detected multiple suspicious transactions involving your Safe Multisig wallet on the ETH network.”
Safe Multisig wallet is designed to require multiple approvals for any transactions, aiming to add an extra layer of security. However, in this instance, the attackers managed to bypass the security measures and siphon off a massive amount of cryptocurrency.
Cyvers Alerts also mentioned that around $234.9 million of funds in the Safe Multisig wallet had been moved to a new address, with each transaction’s caller funded by Tornado Cash, the decentralized protocol for private transactions.
Tornado Cash is a crypto mixing service that allows users to obfuscate the origin and destination of their cryptocurrency transactions, essentially adding a layer of anonymity.
While some users value the privacy aspects of such services, law enforcement agencies and regulators have raised concerns about their potential use in money laundering and other illicit activities.
“The suspicious address has already swapped $PEPE, $GALA, and $USDT to $ETH and continues to swap other digital assets,” Cyvers Alerts posted.
“We attempted to contact you 30 minutes ago, but received no response. It appears that your Safe wallet has been compromised by a malicious actor!” (sic).
Over $200 Million Yet to be Offloaded: Report
Crypto sleuth ZachXBT claimed that the suspected primary attacker address still has over $104 million to dump.
“Attacker still has $100M+ worth of SHIB (Shiba Inu) and $4.7M+ FLOKI to sell,” the sleuth wrote on its Telegram channel ‘Investigations by ZachXBT’.
WazirX Suspends Withdrawals in India
Following the discovery of the breach, WazirX took swift action to mitigate further damage. The Indian exchange temporarily paused the withdrawal of cryptocurrencies and Indian rupees on the platform.
Making the announcement on its official X handle, WazirX posted, “We’re aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused. Thank you for your patience and understanding. We’ll keep you posted with further updates.”
Unanswered Questions Over WazirX Hack
As the investigation over the security breach continues, WazirX will have to address several questions like how did the attackers manage to bypass the security protocols of the Safe Multisig wallet? The investigators should also identify if any internal vulnerabilities were exploited or if the attackers employed sophisticated hacking techniques.
The WazirX hack serves as a stark reminder of the ever-evolving cyber threats plaguing the cryptocurrency industry. As the industry continues to grow, exchanges like WazirX will need to prioritize robust security measures to regain user trust.
Investing in cutting-edge security solutions, fostering transparency, and collaborating with industry stakeholders will be crucial in preventing similar incidents from happening again. Furthermore, discussions surrounding cryptocurrency anonymity and its potential misuse warrant serious consideration by regulators and industry leaders.
