Indian Crypto Exchange WazirX Suspends Withdrawals Amid $230M Security Breach

Rs 2,000 Crore Crypto Hack

WazirX suspends withdrawals


Indian cryptocurrency exchange WazirX has announced a major security breach that resulted in the theft of over $230 million from one of its multisig wallets. In response, the exchange has temporarily halted withdrawals of both cryptocurrencies and Indian rupees (INR) while the incident is being investigated. Prominent blockchain investigators Zachxbt and Mudit Gupta have provided insights into the sophisticated nature of the hack.

Incident Details

On July 18, WazirX disclosed a security breach in a post on the social media platform X. The breach affected one of its multisig wallets, a type of wallet requiring multiple signatures to authorize transactions. The company assured users that it was temporarily pausing withdrawals to protect their assets.

Official Statement:

“We’re aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident,” WazirX stated, emphasizing the temporary halt of INR and cryptocurrency withdrawals to ensure asset safety.


Blockchain Investigations:

  • Zachxbt’s Analysis: Zachxbt, a blockchain investigator, traced the movements of the stolen $230 million. His analysis revealed that the initial theft address conducted test transactions on July 10 using SHIB and received multiple deposits from Tornado Cash, a privacy tool often used to obfuscate transactions. The tracing suggested a sophisticated and organized attack, potentially linked to the notorious Lazarus Group.
    • “I began tracing the $230M+ WazirX hack back from the original exploiter address and was able to make some interesting observations,” Zachxbt shared on X.
    • “The BTC appears to come from an unknown service making it difficult to trace. All I can say is the WazirX hack has the potential markings of a Lazarus Group attack (yet again),” he concluded.
  • Mudit Gupta’s Analysis: Blockchain security researcher Mudit Gupta also provided his insights. He noted that the hackers had been practicing the hack on the blockchain at least eight days prior to the breach.
    • “The attackers upgraded the multisig to a malicious version that allowed them to drain the multisig,” Gupta explained. “The attackers likely compromised 2 out of 4 private keys directly, and the remaining two were signature phished via a UI/Wallet compromise. My bet is on wallet compromise/custody provider compromise.”

Potential Attribution: Both investigators suggested that the attack was methodical and well-organized, potentially pointing towards North Korean hackers, specifically the Lazarus Group, known for their cyber attacks on financial institutions.

Conclusion

The security breach at WazirX highlights the vulnerabilities in even the most secure crypto storage solutions like multisig wallets. As WazirX works to secure its platform and investigate the incident, the broader crypto community is reminded of the importance of robust security measures and vigilance against sophisticated cyber attacks. Transparency in the investigation process will be crucial for restoring user trust and preventing future breaches.

FAQs

  1. What happened at WazirX?
  • WazirX experienced a security breach in one of its multisig wallets, resulting in the theft of over $230 million. Consequently, the exchange has halted INR and cryptocurrency withdrawals while investigating the incident.
  2. What is a multisig wallet?
  • A multisig wallet is a type of cryptocurrency wallet that requires multiple signatures (private keys) to authorize a transaction. It is designed to increase security by ensuring that no single party has control over the funds.
  3. Who are Zachxbt and Mudit Gupta?
  • Zachxbt is a blockchain investigator who traced the stolen funds from the WazirX breach. Mudit Gupta is a blockchain security researcher who analyzed the hack and provided insights into the attackers’ methods.
  4. Who is suspected to be behind the attack?
  • Both investigators suggested that the attack was sophisticated and well-organized, potentially pointing towards North Korean hackers, specifically the Lazarus Group.
  5. What measures has WazirX taken in response to the breach?
  • WazirX has temporarily halted withdrawals of INR and cryptocurrencies to ensure the safety of user assets while investigating the breach.
  6. How did the hackers execute the breach?
  • According to Mudit Gupta’s analysis, the attackers upgraded the multisig wallet to a malicious version that allowed them to drain it. They likely compromised 2 out of 4 private keys directly and phished signatures from the remaining two via a UI/Wallet compromise.
  7. What is the Lazarus Group?
  • The Lazarus Group is a North Korean cybercrime group known for conducting sophisticated cyber attacks on financial institutions and cryptocurrency exchanges.
  8. Will WazirX resume withdrawals soon?
  • Withdrawals will remain paused until WazirX completes its investigation and ensures the security of its platform. The timeline for this is currently unknown.
  9. How can users protect their cryptocurrency assets?
  • Users should use secure wallets, enable two-factor authentication, regularly update their security protocols, and stay informed about potential vulnerabilities and threats in the crypto space.
  10. What impact does this breach have on the cryptocurrency community?
  • The breach underscores the need for heightened security measures in the cryptocurrency industry and serves as a reminder of the constant threat posed by sophisticated cyber attackers.
