WazirX $230M Crypto Hack Shakes India's Crypto Scene: “Horrifying Situation”

Tuesday, 23/07/2024 | 16:33 GMT by Jared Kirui
  • According to crypto users on X, the WazirX hack, which has left many users in India counting losses, can only be described as alarming.
  • The exchange is offering 10% of the recovered amount as a bug bounty, totaling up to $23 million.
india-crypto

A recent security breach at WazirX, resulting in a staggering $230 million loss, has sent shockwaves through India's cryptocurrency ecosystem. This incident has led to intense scrutiny of current security practices and crucial discussions about safeguarding digital assets in an increasingly risky environment. Users are concerned about the ease with which fraudsters can manipulate exchanges.

Dissecting the Hack

The incident ranks among the major hacks in the history of crypto exchanges and has left the crypto community pondering how easily fraudsters can manipulate crypto exchanges. One X user named Chandrashekhar wondered how “hackers can withdraw funds from the exchange, but legitimate exchange users cannot withdraw their own tokens or hold them in self-custody.”

Another X user has termed the situation “horrifying” after WizirX circulated an email to users about the security incident. Vivek Naskar lamented: “Received this horrifying mail from WazirX. So whatever minuscule (and negligible) crypto investment I had, that is also gone (or frozen)! Today is the day of tragedies.”

Cyvers Alert identified the suspicious transactions, noting that each transaction's caller received funds from Tornado Cash. Crypto investigator ZachXBT recently reported on his Telegram channel “Investigations by ZachXBT” that the suspected primary attacker still holds over $104 million.

“The WazirX incident highlights the importance of having comprehensive security measures for exchanges. The best way to ensure a full-proof safety net is by having a prominent monitoring and detection service, along with a proper crisis response protocol,” Meir Dolev, the Co-founder and CTO at Cyvers, told Finance Magnates.

WazirX has launched a $23 million bounty program to recover over $230 million in digital assets lost during the cyber attack which occurred last week, 99Bitcoins reported. This initiative aims to incentivize the global community to provide actionable intelligence that can help retrieve the stolen funds.

WazirX Announces Bug Bounty

In a recent statement, WazirX announced rewards of up to $10,000 worth of USDT for any information leading to the freezing of the stolen assets. Additionally, the exchange has committed to offering 10% of the recovered amount as a white hat incentive, which could total up to $23 million.

The breach targeted WazirX's multisig Ethereum wallet, a crucial element of the company's infrastructure. The suspected hackers reportedly exploited a discrepancy between the interface of Liminal, a digital asset security platform, and the actual transaction data, allowing them to siphon off the assets.

Following the incident, WazirX was forced to halt all withdrawals to contain the massive $235 million breach. The incident, linked to Tornado Cash, has now raised serious concerns about the security of decentralized finance platforms, the Economic Times reported. Web3 security firm Cyvers Alert revealed that they detected multiple suspicious transactions involving WazirX's Safe Multisig wallet on Ethereum.

The attackers then executed unauthorized transactions, with initial investigations pointing to the Lazarus Group, a well-known hacking collective. These transactions, funded by Tornado Cash, a protocol known for enabling private transactions, resulted in the transfer of $234.9 million to a new address. The transferred funds, which included Tether, were then swapped to different tokens.

A recent security breach at WazirX, resulting in a staggering $230 million loss, has sent shockwaves through India's cryptocurrency ecosystem. This incident has led to intense scrutiny of current security practices and crucial discussions about safeguarding digital assets in an increasingly risky environment. Users are concerned about the ease with which fraudsters can manipulate exchanges.

Dissecting the Hack

The incident ranks among the major hacks in the history of crypto exchanges and has left the crypto community pondering how easily fraudsters can manipulate crypto exchanges. One X user named Chandrashekhar wondered how “hackers can withdraw funds from the exchange, but legitimate exchange users cannot withdraw their own tokens or hold them in self-custody.”

Another X user has termed the situation “horrifying” after WizirX circulated an email to users about the security incident. Vivek Naskar lamented: “Received this horrifying mail from WazirX. So whatever minuscule (and negligible) crypto investment I had, that is also gone (or frozen)! Today is the day of tragedies.”

Cyvers Alert identified the suspicious transactions, noting that each transaction's caller received funds from Tornado Cash. Crypto investigator ZachXBT recently reported on his Telegram channel “Investigations by ZachXBT” that the suspected primary attacker still holds over $104 million.

“The WazirX incident highlights the importance of having comprehensive security measures for exchanges. The best way to ensure a full-proof safety net is by having a prominent monitoring and detection service, along with a proper crisis response protocol,” Meir Dolev, the Co-founder and CTO at Cyvers, told Finance Magnates.

WazirX has launched a $23 million bounty program to recover over $230 million in digital assets lost during the cyber attack which occurred last week, 99Bitcoins reported. This initiative aims to incentivize the global community to provide actionable intelligence that can help retrieve the stolen funds.

WazirX Announces Bug Bounty

In a recent statement, WazirX announced rewards of up to $10,000 worth of USDT for any information leading to the freezing of the stolen assets. Additionally, the exchange has committed to offering 10% of the recovered amount as a white hat incentive, which could total up to $23 million.

The breach targeted WazirX's multisig Ethereum wallet, a crucial element of the company's infrastructure. The suspected hackers reportedly exploited a discrepancy between the interface of Liminal, a digital asset security platform, and the actual transaction data, allowing them to siphon off the assets.

Following the incident, WazirX was forced to halt all withdrawals to contain the massive $235 million breach. The incident, linked to Tornado Cash, has now raised serious concerns about the security of decentralized finance platforms, the Economic Times reported. Web3 security firm Cyvers Alert revealed that they detected multiple suspicious transactions involving WazirX's Safe Multisig wallet on Ethereum.

The attackers then executed unauthorized transactions, with initial investigations pointing to the Lazarus Group, a well-known hacking collective. These transactions, funded by Tornado Cash, a protocol known for enabling private transactions, resulted in the transfer of $234.9 million to a new address. The transferred funds, which included Tether, were then swapped to different tokens.

About the Author: Jared Kirui
Jared Kirui
  • 1508 Articles
  • 24 Followers
Jared is an experienced financial journalist passionate about all things forex and CFDs.

More from the Author

CryptoCurrency