'Beyond Control, Leaving No Stone Unturned To Recover Funds': WazirX Issues Detailed Investigation Report On Rs 1,920-Crore Wallet Breach
Despite WazirX's security measures, including the use of the Gnosis Safe multisig smart contract platform and Liminal's whitelisting policy, the attackers managed to bypass these defences.
WazirX, a Mumbai-headquartered cryptocurrency exchange, on Thursday experienced a significant security breach, resulting in the transfer of over $230 million (roughly Rs 1,924 crore) to an unauthorised address. The breach was identified by Web3 security firm Cyvers, which detected "multiple suspicious transactions" linked to WazirX's Safe Multisig wallet on the Ethereum blockchain.
In a detailed statement, WazirX revealed that the cyber attack targeted one of their multisig wallets, resulting in the loss of funds exceeding $230 million. This wallet had been operated using the services of Liminal, a digital asset custody and wallet infrastructure provider, since February 2023. Liminal claimed that one of the self-custody multisig wallets that was created outside its ecosystem was compromised.
WazirX Breach: Here's What Went Down
WazirX's compromised wallet had six signatories: five from WazirX and one from Liminal. Typically, transactions required approval from three WazirX signatories, all of whom used Ledger Hardware Wallets, followed by final approval from Liminal’s signatory. To enhance security, the wallet configuration included a policy to whitelist destination addresses. These addresses were managed by Liminal, and the policy enabled WazirX to initiate transactions to these pre-approved addresses.
The breach was attributed to a discrepancy between the data displayed on Liminal’s interface and the actual transaction contents. During the attack, the information shown on Liminal's interface did not match the signed transactions, suggesting that the payload was altered to transfer wallet control to the attacker.
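The gap described above, between what an interface displays and what is actually signed, can be caught by decoding the bytes presented for signing and comparing them with the displayed intent and the whitelist. The following Python is an added example, not code from WazirX, Liminal or Safe; it assumes the displayed transaction is a plain ERC-20 token transfer, and every address, amount and payload in it is constructed.

```python
# Added example: all addresses, amounts and payloads below are constructed.
TRANSFER_SELECTOR = "a9059cbb"  # ERC-20 transfer(address,uint256)

def decode_erc20_transfer(data_hex):
    """Return (recipient, amount) if calldata is an ERC-20 transfer, else None."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) != 8 + 64 + 64 or data[:8] != TRANSFER_SELECTOR:
        return None
    recipient_word, amount_word = data[8:72], data[72:136]
    if recipient_word[:24] != "0" * 24:  # address must be left-padded with zeros
        return None
    return "0x" + recipient_word[24:], int(amount_word, 16)

def check_signing_request(displayed, payload, whitelist):
    """Compare what the interface displays with the bytes presented for signing."""
    problems = []
    if payload["to"].lower() != displayed["token"].lower():
        problems.append("payload targets a different contract than displayed")
    decoded = decode_erc20_transfer(payload["data"])
    if decoded is None:
        problems.append("payload is not a plain token transfer")
        return problems
    recipient, amount = decoded
    if recipient != displayed["recipient"].lower():
        problems.append("recipient differs from displayed recipient")
    if amount != displayed["amount"]:
        problems.append("amount differs from displayed amount")
    if recipient not in whitelist:
        problems.append("recipient is not whitelisted")
    return problems

def transfer_calldata(recipient, amount):
    """Build ERC-20 transfer calldata for the constructed samples."""
    return "0x" + TRANSFER_SELECTOR + recipient[2:].rjust(64, "0") + format(amount, "064x")

TOKEN = "0x" + "11" * 20     # constructed token contract
APPROVED = "0x" + "22" * 20  # constructed whitelisted destination
OTHER = "0x" + "33" * 20     # constructed address, neither token nor whitelisted
WHITELIST = {APPROVED}
DISPLAYED = {"token": TOKEN, "recipient": APPROVED, "amount": 1000}
MATCHING = {"to": TOKEN, "data": transfer_calldata(APPROVED, 1000)}
# Same display, but the bytes to be signed are not the displayed transfer.
ALTERED = {"to": OTHER, "data": "0x" + "ab" * 36}

if __name__ == "__main__":
    print(check_signing_request(DISPLAYED, MATCHING, WHITELIST))
    print(check_signing_request(DISPLAYED, ALTERED, WHITELIST))
```

The check is only useful when it runs on a device or service independent of the interface that produced the display, so that a single altered component cannot supply both sides of the comparison.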
What Security Measures Has WazirX Taken?
Despite WazirX's robust security measures, including the use of the Gnosis Safe multisig smart contract platform and Liminal's whitelisting policy, the attackers managed to bypass these defences.
"This is a force majeure event beyond our control, but we are leaving no stone unturned to locate and recover the funds," the exchange said. "We have already blocked a few deposits and reached out to concerned wallets for recovery. We are in touch with the best resources to help us in this endeavour."
WazirX assured its users that it will continue to provide updates on the situation.
Liminal's Official Statement
Liminal Custody confirmed that one of the self-custody multisig smart contract wallets created outside its ecosystem was compromised. They emphasised that Liminal's platform, infrastructure, wallets, and assets remain secure. "It is also pertinent to note that all WazirX wallets created on the Liminal platform continue to remain secure and protected. Meanwhile, all the malicious transactions to the attacker’s addresses have occurred from outside of the Liminal platform," the company said.
Liminal's team is actively assisting WazirX in their investigation, adhering to their rigorous security protocols.
This incident highlights the ongoing challenges and risks in the cryptocurrency industry, underscoring the importance of stringent security measures and swift response strategies.