WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach
Indian cryptocurrency exchange WazirX has confirmed a significant security breach resulting in the theft of $230 million in cryptocurrency assets. The breach highlights ongoing vulnerabilities in the crypto sector and raises questions about the security of digital asset custody solutions and the importance of smart contract audits.
Details of the Breach
In an official statement, WazirX disclosed the nature of the attack:
"A cyber attack occurred in one of our [multi-signature] wallets involving a loss of funds exceeding $230 million. This wallet was operated utilizing the services of Liminal's digital asset custody and wallet infrastructure from February 2023."
The breach stemmed from a discrepancy between the information displayed on Liminal's interface and the actual signed transactions. The attackers managed to replace the payload, effectively transferring wallet control to themselves, highlighting the critical need for robust smart contract security measures.
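The mismatch described above, between what the interface displayed and what was actually signed, is the condition an independent pre-signing check looks for. The following is an added example, not code from WazirX, Liminal or the original article; it assumes the payload is ERC-20 calldata, and its function names, addresses and amounts are constructed for illustration.

```python
# Added example: compare what a signing UI displayed with the raw payload.
# Assumption: the payload is ERC-20 calldata; all addresses and amounts are constructed.
SELECTORS = {
    "a9059cbb": "transfer",  # transfer(address,uint256)
    "095ea7b3": "approve",   # approve(address,uint256)
}

def decode_calldata(calldata_hex):
    """Decode transfer/approve calldata into (function, address, amount)."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) != 8 + 64 + 64:
        raise ValueError("unexpected calldata length")
    selector, addr_word, amount_word = data[:8], data[8:72], data[72:]
    if selector not in SELECTORS:
        raise ValueError("unknown function selector " + selector)
    if addr_word[:24] != "0" * 24:
        raise ValueError("address word is not zero-padded")
    return SELECTORS[selector], "0x" + addr_word[24:], int(amount_word, 16)

def mismatches(displayed, calldata_hex):
    """List every difference between the displayed intent and the payload."""
    try:
        func, addr, amount = decode_calldata(calldata_hex)
    except ValueError as exc:
        return ["payload not decodable: " + str(exc)]
    found = []
    if func != displayed["function"]:
        found.append("function: UI shows %s, payload calls %s" % (displayed["function"], func))
    if addr != displayed["to"].lower():
        found.append("address: UI shows %s, payload uses %s" % (displayed["to"], addr))
    if amount != displayed["amount"]:
        found.append("amount: UI shows %d, payload uses %d" % (displayed["amount"], amount))
    return found

def encode(selector, address, amount):
    """Build sample calldata for the constructed cases below."""
    return "0x" + selector + address[2:].rjust(64, "0") + format(amount, "064x")

# Constructed sample data, not taken from the incident.
KNOWN = "0x" + "11" * 20
OTHER = "0x" + "22" * 20
DISPLAYED = {"function": "transfer", "to": KNOWN, "amount": 1000}
MATCHING = encode("a9059cbb", KNOWN, 1000)
REPLACED = encode("095ea7b3", OTHER, 2**256 - 1)

if __name__ == "__main__":
    for label, payload in (("matching", MATCHING), ("replaced", REPLACED)):
        print(label, mismatches(DISPLAYED, payload) or "consistent with display")
```

A signer would run such a check on a device separate from the one rendering the interface, and refuse to sign when the list is non-empty or the payload cannot be decoded.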
Involvement of Crypto Custody Firm Liminal
Liminal, a key player in the incident, is one of the six signatories responsible for transaction verifications on the compromised wallet. Liminal stated:
"Our preliminary investigations show that one of the self-custody multi-sig smart contract wallets created outside of the Liminal ecosystem has been compromised. It is also pertinent to note that all WazirX wallets created on the Liminal platform continue to remain secure and protected."
This incident underscores the importance of thorough smart contract audits and the need for enhanced security protocols in multi-signature wallet systems.
Attribution to North Korean Threat Actors
Blockchain analytics firm Elliptic and crypto researcher ZachXBT have both suggested that the attack bears the hallmarks of North Korean threat actors, specifically the notorious Lazarus Group. The attackers quickly swapped the stolen assets for Ether using various decentralized services.
The image above provides a detailed breakdown of the $235 million in crypto assets lost during the WazirX breach:
- SHIB (Shiba Inu): $96.7 million
- ETH (Ethereum): $52.6 million
- MATIC (Polygon): $11 million
- PEPE: $7.6 million
- USDT (Tether): $5.7 million
- FLOKI: $4.7 million
- Other assets: $56.7 million
This visualization highlights the significant amounts of various cryptocurrencies stolen, with SHIB and ETH being the largest portions of the lost assets.
North Korea-affiliated hackers have a history of targeting the cryptocurrency sector as a means to circumvent international sanctions. The United Nations has reported that between 2017 and 2023, North Korean actors carried out 58 suspected intrusions, netting $3 billion in illegal revenues to fund the nation's nuclear weapons program.
Related Cybersecurity Context
The breach comes amid a broader context of cybersecurity threats in the cryptocurrency world. A recent coordinated law enforcement operation, codenamed Spincaster, shut down networks involved in approval phishing scams, which have stolen an estimated $2.7 billion since May 2021. According to Chainalysis:
"With the approval phishing technique, the scammer tricks the user into signing a malicious blockchain transaction that gives the scammer's address approval to spend specific tokens inside the victim's wallet, allowing the scammer to then drain the victim's address of those tokens at will."
This incident further emphasizes the need for comprehensive smart contract audits and robust security measures in the crypto space.
WazirX's Response
In response to the attack, WazirX has launched a bug bounty program aimed at uncovering actionable intelligence that could lead to the recovery and freezing of the stolen assets. The exchange is offering a reward equivalent to 10% of the recovered amount. Additionally, WazirX has notified the Financial Intelligence Unit—India (FIU-IND) and CERT-In, and has temporarily paused trading.