Crypto exchange WazirX on July 18 confirmed that it had faced a security breach and temporarily stopped INR and crypto withdrawals, following the suspicious transfer of assets worth $230 million from one of its multisig wallets earlier in the day.
A multisig wallet is a crypto wallet that requires two or more private keys to unlock and withdraw funds.
“We're aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused. Thank you for your patience and understanding. We'll keep you posted with further updates,” WazirX said in a post on X.
The exchange later said in a blog post detailing its preliminary findings, "This is a force majeure event beyond our control, but we are leaving no stone unturned to locate and recover the funds. We have already blocked a few deposits and reached out to concerned wallets for recovery. We are in touch with the best resources to help us in this endeavor."
According to Lookonchain, a third-party blockchain analytics tool, the stolen assets from WazirX included $102 million of Shiba Inu, $52.5 million in Ethereum, $11.24 million in Matic, $7.6 million in Pepe coin, $135 million in Tether, and $3.5 million in Gala.
Preliminary findings
According to WazirX, the cyber attack occurred in one of its multisig wallets, which had been operated using the services of Liminal's digital asset custody and wallet infrastructure since February 2023.
Liminal is a wallet infrastructure and digital asset custody solution provider.
The wallet had six signatories, five from the WazirX team and one from Liminal, who were responsible for transaction verifications. "A transaction typically requires approval from three of the WazirX signatories (all three of whom use Ledger Hardware Wallets for security), followed by the final approval from Liminal's signatory. A policy to whitelist destination addresses was also in place to enhance security," the exchange said.
These whitelisted addresses were earmarked and facilitated on the interface by Liminal; consequently, the WazirX team had the ability to initiate transactions to the said whitelisted addresses.
Detailing the nature of the cyber attack, WazirX said that the issue stemmed from a discrepancy between the data displayed on Liminal's interface and the transaction's actual contents: during the attack, the information shown on Liminal's interface did not match what was actually signed.
"We suspect the payload was replaced to transfer wallet control to an attacker," the exchange noted.
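As an added illustration of the control that failed here (not code from WazirX, Liminal or the original article), the sketch below models a signer-side check that compares what the interface displays with the payload actually submitted for signing, then applies the whitelist and the three-signatories-plus-custodian approval rule described above. Signer names, addresses and the dictionary payload format are constructed assumptions; real wallets sign encoded transaction data.

```python
import hashlib
import json

# Constructed sample data; only the 3-of-5 + custodian rule comes from the article.
EXCHANGE_SIGNERS = {"wx1", "wx2", "wx3", "wx4", "wx5"}
CUSTODIAN = "custodian"
REQUIRED_EXCHANGE_APPROVALS = 3
WHITELIST = {"0xWHITELISTED_EXAMPLE"}
DISPLAYED = {"kind": "transfer", "to": "0xWHITELISTED_EXAMPLE", "amount": "10"}
SWAPPED = {"kind": "change_owner", "to": "0xUNKNOWN_EXAMPLE", "amount": "0"}


def digest(tx: dict) -> str:
    """Hash a canonical encoding, so equal digests mean equal contents."""
    blob = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def check_before_signing(displayed: dict, payload: dict, whitelist: set) -> list:
    """Return the reasons to refuse signing; an empty list means proceed."""
    problems = []
    if digest(displayed) != digest(payload):
        keys = sorted(k for k in set(displayed) | set(payload)
                      if displayed.get(k) != payload.get(k))
        problems.append("display/payload mismatch in: " + ", ".join(keys))
    if payload.get("to") not in whitelist:
        problems.append("destination not whitelisted")
    if payload.get("kind") != "transfer":
        problems.append("payload is not a plain transfer")
    return problems


def quorum_met(approvals: dict, payload: dict) -> bool:
    """approvals maps signer -> digest that signer reviewed and approved."""
    want = digest(payload)
    exchange = sum(1 for s, d in approvals.items()
                   if s in EXCHANGE_SIGNERS and d == want)
    return (exchange >= REQUIRED_EXCHANGE_APPROVALS
            and approvals.get(CUSTODIAN) == want)


if __name__ == "__main__":
    print(check_before_signing(DISPLAYED, dict(DISPLAYED), WHITELIST))
    print(check_before_signing(DISPLAYED, SWAPPED, WHITELIST))
```

Because `quorum_met` counts an approval only when the digest the signer reviewed equals the digest of the payload being executed, approvals collected for the displayed transaction do not carry over to a substituted one.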
Industry reacts
The country’s top crypto platforms, including CoinSwitch, CoinDCX and Mudrex, took to social media to inform users that their assets were safe after this episode.
Ashish Singhal, co-founder of CoinSwitch, said, “We are aware of the recent security breach on the WazirX platform. We want to assure our users that their funds on CoinSwitch are secure and unaffected by this incident. We advise all our crypto investors to be mindful of potential market volatility during this time and exercise caution in their trading and investment activities.”
“In light of the recent #WazirX breach, we want to reassure all CoinDCX users that your assets are safe and not impacted in any manner. Our wallet security remains robust,” added Sumit Gupta, co-founder, CoinDCX.
Edul Patel, CEO, Mudrex, said, “We conduct regular audits to ensure a 1:1 ratio of funds. Additionally, our codebase goes through extensive scrutiny and review at many layers to ensure our tech infrastructure is immune to such exploits.”
“This incident underscores the importance of continuous monitoring and robust compliance frameworks to protect investors and ensure the integrity of the crypto ecosystem,” Patel added.