Indian Crypto Exchange WazirX Discloses Major Security Breach Resulting in $230 Million Theft

Major

Indian Crypto Exchange, WazirX, an Indian cryptocurrency exchange, has revealed that a significant security breach affected one of its multiset wallets, leading to a theft of over $230 million. In response, the exchange has temporarily halted all withdrawals to safeguard the remaining assets.

WazirX, an Indian cryptocurrency exchange, has revealed that a significant security breach affected one of its multisig wallets, leading to a theft of over $230 million. In response, the exchange has temporarily halted all withdrawals to safeguard the remaining assets.The breach, affecting a wallet that had been using Liminal’s digital asset custody and wallet infrastructure since February 2023, was disclosed in a statement on X (formerly Twitter). The compromised wallet required approval from six signatories—five from WazirX and one from Liminal—to authorize transactions. For a transaction to be completed, approval was needed from three WazirX signatories and the Liminal signatory. Additionally, there was a security rule in place that permitted transactions only to pre-approved addresses.Details of the HackThe attackers exploited a discrepancy between Liminal’s interface and the actual transaction details, allowing them to manipulate the transaction and gain control of the wallet, thus bypassing the security measures.WazirX's ResponseDespite having robust security systems, WazirX admitted that the hackers managed to breach them. The exchange is now working to block any further deposits and is focusing on recovering the stolen funds.Liminal’s StatementLiminal clarified that their system was not compromised. They stated that the affected wallet was created outside their platform, and all other wallets within their system remain secure.What are Multisig Wallets?Multisig wallets enhance security by requiring multiple private keys to authorize transactions. However, in this instance, the hackers were able to bypass this added layer of security.Next StepsWazirX has pledged to resolve the issue and recover the stolen funds, promising to keep users informed with updates as they learn more about the situation.

The breach, affecting a wallet that had been using Liminal’s digital asset custody and wallet infrastructure since February 2023, was disclosed in a statement on X (formerly Twitter). The compromised wallet required approval from six signatories—five from WazirX and one from Liminal—to authorize transactions. For a transaction to be completed, approval was needed from three WazirX signatories and the Liminal signatory. Additionally, there was a security rule in place that permitted transactions only to pre-approved addresses.

Details of the Hack

The attackers exploited a discrepancy between Liminal’s interface and the actual transaction details, allowing them to manipulate the transaction and gain control of the wallet, thus bypassing the security measures.

WazirX’s Response

Despite having robust security systems, WazirX admitted that the hackers managed to breach them. The exchange is now working to block any further deposits and is focusing on recovering the stolen funds.

Liminal’s Statement

Liminal clarified that their system was not compromised. They stated that the affected wallet was created outside their platform, and all other wallets within their system remain secure.

What are Multisig Wallets?

Multisig wallets enhance security by requiring multiple private keys to authorize transactions. However, in this instance, the hackers were able to bypass this added layer of security.

Next Steps

WazirX has pledged to resolve the issue and recover the stolen funds, promising to keep users informed with updates as they learn more about the situation.