Wednesday, December 11, 2024
banner


At WazirX, our commitment to transparency and community well-being is paramount. One of our multi-sig wallets has been cyber-attacked. To clarify the situation, below are the initial findings:

  • Incident overviewA cyber attack occurred on one of our multi-sig wallets, resulting in the loss of over $230 million in funds. This wallet has been operated using Liminal’s digital asset custody and wallet infrastructure services since February 2023.
  • Wallet configuration and breach mechanismThe wallet had six signatories, five from our WazirX team and one from Liminal, responsible for verifying transactions. A transaction typically requires the approval of three of the WazirX signers (all three of whom use Ledger Hardware Wallets for security), followed by final approval from the Liminal signer. A whitelisting policy of destination addresses was also in place to increase security. These whitelisted addresses are allocated and facilitated on the interface by Liminal; therefore, the WazirX team had the ability to initiate transactions with the specified whitelisted addresses.
  • The nature of the cyber attackThe cyberattack originated from a mismatch between the data displayed on Liminal’s interface and the actual content of the transaction. During the cyberattack, there was a discrepancy between the information displayed in Liminal’s interface and the information actually signed. We suspect that the payload has been replaced to transfer control of the wallet to the attacker.
  • Security measures and responseWe had robust security features including the Gnosis Safe multisig smart contract platform and Liminal’s whitelist policy. Although we take all necessary steps to protect customer assets, cyber attackers appear to have breached such security features and theft has occurred.

This is a force majeure event beyond our control, but we are leaving no stone unturned to find and recover funds. We have already blocked several deposits and contacted the respective wallets for recovery. We are in touch with the best resources to help us in this endeavour. While these are the results of our initial investigation, we will keep you posted with further updates. With your support, we will overcome this challenge and emerge stronger and more resilient than ever.

Thank you for standing with us.

Affected WazirX wallet address0x27fD43BABfbe83a81d14665b1a6fB8030A60C9b4

Disclaimer: Cryptocurrency is not legal tender and is currently unregulated. Please ensure that you carry out a sufficient risk assessment when trading cryptocurrencies as they are often subject to high price volatility. The information presented in this section does not represent any investment advice or the official position of WazirX. WazirX reserves the right, at its sole discretion, to modify or amend this blog post at any time and for any reason without prior notice.

Join the Indian Crypto Movement! Share,
banner
crypto & nft lover

Johnathan DoeCoin

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar.

Follow Me

Top Selling Multipurpose WP Theme

Newsletter

banner

Leave a Comment

crypto & nft lover

John DoeCoin

Learn all about cryptocurrency and NFT, we publish news and interesting fauths from the world of crypto.

@2022 u2013 All Right Reserved. Designed and Developed by Evegal.com