On 17 July 2024, Indian cryptocurrency exchange WazirX has revealed a major security breach resulting in the theft of over $230 million from one of its multisig wallets. The incident, involving Liminal’s digital asset custody services, has led to the immediate suspension of Indian rupee withdrawals as the company conducts a thorough investigation.
In a statement posted on social media platform X, WazirX described the breach as a “force majeure event beyond our control,” while assuring users that efforts are ongoing to recover the stolen funds. The exchange also disclosed that crypto withdrawals had already been halted prior to the incident. WazirX has blocked some deposits and reached out to concerned wallets in an effort to recover the funds. The compromised WazirX wallet address was identified as 0x27fD43BABfbe83a81d14665b1a6fB8030A60C9b4.
The breach was detected in a multisig wallet that has been utilizing Liminal’s custody and wallet infrastructure since February 2023. This wallet required transaction approvals from three out of five WazirX signatories and one from Liminal, with all signatories using Ledger Hardware Wallets for security. Despite these measures, a discrepancy between the data shown on Liminal’s interface and the actual transaction contents allowed the attacker to transfer wallet control.
The compromised address has been actively swapping various cryptocurrencies, including PEPE, GALA, and USDT, into ether (ETH). On-chain analysis by Elliptic and ZachXBT points to the involvement of the North Korean Lazarus hacking group, known for similar exploits.
WazirX’s response to the breach has drawn criticism for its apparent lack of robust security measures. The invocation of the force majeure clause seems inadequate given the exchange’s failure to prevent the attack despite having advanced security protocols in place. This incident underscores the critical need for cryptocurrency exchanges to adhere to stringent security practices and industry standards in key management to safeguard investor interests.
This breach highlights the vulnerability of cryptocurrency exchanges to sophisticated hacking attempts and emphasizes the necessity for comprehensive security frameworks to protect user assets. Proper system safeguards, including multi-layered security measures and continuous monitoring, are essential to prevent such breaches and maintain investor confidence.
Members of the WazirX Telegram group reported that withdrawals of crypto from the exchange had been suspended for over a week prior to the exploit, citing local regulations. This added to the frustration among users, who have limited options for offshore exchanges in India.
As WazirX navigates this crisis, the exchange’s token, WRX, has seen a sharp decline, dropping roughly 21% on the same day.
