The recent WazirX hack has shaken the cryptocurrency industry. Hackers bypassed robust security measures to steal over $230 million from a highly protected multi-signature wallet. Adding to the alarm, there are indications that North Korean state-sponsored hackers might be behind the attack. Here is everything you need to know about what is happening at one of the biggest Indian crypto exchanges.
How did the WazirX hack happen?
The WazirX hack was a sophisticated attack targeting a crucial multi-signature wallet used by the exchange, causing a loss of virtual assets valued at over $230 million. This wallet needed multiple approvals for any transaction, making it harder for anyone to access the assets alone.
Six signatories were present—five from the WazirX team and one from Liminal, a company that helps secure digital assets. Three of the WazirX team members had to agree to approve a transaction, and then it needed final approval from Liminal’s representative. Until now, this process had ensured that no single person could control the wallet.
Despite this strong security setup, the hackers found a flaw. According to WazirXIndia on X (formerly Twitter), the attack took advantage of a mismatch between Liminal’s interface and the actual transaction data. Here’s a step-by-step look at how they did it:
- Finding the weakness: The hackers discovered a flaw in how Liminal’s interface matched the transaction data. This mismatch created a gap they could exploit.
- Manipulating the interface: They used this gap to change the transaction details without alerting the signatories. This tricked the system into thinking the transactions were legitimate.
- Bypassing security measures: With these altered details, the hackers bypassed the multi-signature security. This let them get the necessary approvals without raising suspicions.
- Gaining control: Once they bypassed the security, the hackers took control of the wallet and transferred the assets out of WazirX.
The attack was very advanced, showing that the hackers understood WazirX’s security in depth. It wasn’t a random attack but a well-planned operation. Their ability to find and exploit this specific flaw shows high skill and possibly inside knowledge.
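To illustrate the defensive point behind the interface/payload mismatch described above, here is an added example (not code from WazirX, Liminal or the original article): a simulated 3-of-5-plus-final-signer approval flow in which every signer recomputes the digest of what the interface displays and refuses to sign when it differs from the digest actually being requested. The signer names, transaction fields and addresses are constructed placeholders.

```python
import hashlib
import json

# Constructed signer set modelled on the page's description: three of five
# WazirX signers approve first, then the single Liminal signer gives final approval.
WAZIRX_SIGNERS = {"wx-1", "wx-2", "wx-3", "wx-4", "wx-5"}
WAZIRX_THRESHOLD = 3
FINAL_SIGNER = "liminal"

def tx_digest(fields: dict) -> str:
    """Canonical digest of the transaction fields; a signature binds to this value."""
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def verified_sign(signer: str, shown: dict, digest_requested: str):
    """Sign only if the digest the interface asks for is the digest of what it shows.
    Returns (signer, digest) on success, None when the signer refuses."""
    if tx_digest(shown) != digest_requested:
        return None  # display and signing payload disagree: refuse to sign
    return (signer, digest_requested)

def collect_approvals(shown: dict, digest_requested: str, signers):
    """Apply the 3-of-5 then final-signer policy; each signer checks independently."""
    sigs = [s for s in (verified_sign(x, shown, digest_requested) for x in signers) if s]
    wazirx_ok = [name for name, _ in sigs if name in WAZIRX_SIGNERS]
    final_ok = any(name == FINAL_SIGNER for name, _ in sigs)
    if len(wazirx_ok) < WAZIRX_THRESHOLD or not final_ok:
        return None
    return digest_requested

def approve_transaction(shown: dict, raw_tx: dict, signers=("wx-1", "wx-2", "wx-3", "liminal")):
    """The interface displays `shown` but asks the signers to sign the digest of `raw_tx`."""
    return collect_approvals(shown, tx_digest(raw_tx), signers)

# Constructed sample transaction (placeholder addresses, not real ones).
RAW_TX = {"to": "0xPLACEHOLDER_DESTINATION", "value": "1000", "nonce": 7}
# A display that disagrees with the payload actually being signed.
MISMATCHED_VIEW = {"to": "0xPLACEHOLDER_EXPECTED", "value": "1000", "nonce": 7}

if __name__ == "__main__":
    print("consistent :", approve_transaction(RAW_TX, RAW_TX))
    print("mismatched :", approve_transaction(MISMATCHED_VIEW, RAW_TX))
```

The consistent case yields an approved digest; the mismatched case is rejected before any signature is produced, which is the check a signer-side tool should enforce rather than trusting the interface's rendering.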
WazirX called the hack a “force majeure” event. This term means it was an unforeseeable and unavoidable situation.
At WazirX, our commitment to transparency and community welfare is paramount. There was a cyber attack on one of our multisig wallets. Below are the preliminary findings to clarify the situation:
» Incident Overview: A cyber attack occurred in one of our multisig wallets…
— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 18, 2024
WazirX’s response
After the hack, WazirX quickly took steps to minimize further damage and start recovery:
- Halting withdrawals: They stopped all cryptocurrency withdrawals to prevent more unauthorized transfers.
- Blocking deposits: They blocked several deposits and contacted affected wallet owners to help recover their funds.
WazirX worked with blockchain experts to track the stolen funds and help with the investigation.
Lookchain, a blockchain analytics platform, has published a breakdown of the stolen assets and suggested that the attackers are already seeking buyers for the pilfered cryptocurrencies.
Elliptic, a UK-based firm specializing in financial crime compliance, noted that the perpetrators have started swapping some of the stolen tokens for Ether using various decentralized services. More alarmingly, Elliptic’s analysis indicates that the thieves may be affiliated with North Korea, a nation known for its state-sponsored cryptocurrency hacking operations.
North Korea’s alleged involvement
Elliptic’s findings suggest that North Korean hackers may be behind the WazirX hack. If confirmed, this would add another layer of complexity to the incident. North Korea has a history of targeting cryptocurrency exchanges to fund its nuclear weapons program and enrich its leadership, circumventing international sanctions.
As the investigation continues, WazirX has promised to keep its users and the public informed of any developments. The company has stated that it is “leaving no stone unturned to locate and recover the funds” and is working with “the best resources” to aid in this effort.
All images are generated by Eray Eliaçık/Bing