Fallout From WazirX’s $235M Exploit: Crypto Exchange Files Police Complaint
After being hit by a massive hack that resulted in the loss of $235 million for its investors on Thursday, India-based cryptocurrency exchange WazirX has taken immediate steps to mitigate the damage and filed a police complaint to recover the stolen funds.
WazirX Launches Legal Pursuit
In a recent update on the situation, WazirX published a social media post noting that the exchange has reported the incident to the Financial Intelligence Unit (FIU) and CERT-In, India’s Computer Emergency Response Team. The exchange stated:
In response to the cyber attack, we have filed a police complaint and are pursuing additional legal actions. We will keep the community updated as we proceed.
In addition, the exchange has reportedly contacted over 500 other crypto exchanges and asked them to block the identified addresses associated with the exploit, which resulted in the loss of SHIB, ETH, MATIC, and PEPE tokens valued at $96, $52, $11 and $7.6 million, respectively.
The exchange noted that it is actively working with these exchanges to identify additional resources to assist in their recovery efforts and assist affected customers of the breach.
The immediate plans of WazirX include tracing the stolen funds, recovering customer assets, and conducting an in-depth analysis of the cyber attack. To achieve this, the exchange collaborates with forensic experts and law enforcement agencies to identify and apprehend the perpetrators responsible for the exploit.
As part of their ongoing investigation, WazirX has also identified two additional smart contracts that were exploited and is diligently examining the incident.
WazirX has set up a secluded website to protect user funds where customers can revoke all approvals. However, the exchange emphasizes that users’ funds remain at risk until they take this necessary step.
Multisig Wallet Vulnerability Exposed
According to a report released by WazirX on Thursday, the cyber attack targeted one of their multisig wallets, which relied on the services of Liminal’s digital asset custody and wallet infrastructure since February 2023.
The wallet’s configuration involved six signatories, including five from the WazirX team and one from Liminal, who were responsible for verifying transactions. A whitelisting policy was also implemented to increase security.
The exchange also discovered that the breach was caused by a mismatch between the data displayed on Liminal’s interface and the actual content of the transaction.
During the attack, a discrepancy was observed between the information displayed on the Liminal interface and what was signed. It is believed that the payload was manipulated to give control of the wallet to the attacker, allowing them to exploit the vulnerability.
At the time of writing, the total market capitalization stands at $2.3 trillion, following the market’s recent recovery from a low of $1.9 trillion on July 5. SHIB, which fell over 10% on Thursday following the exploit, has also shown signs of recovery, rising 3% to a current trading price of $0.000017.
Featured image from DALL-E, chart from TradingView.com