WazirX, an Indian cryptocurrency exchange, experienced a major cyberattack resulting in the loss of over $230 million from a multisig wallet. The attack targeted one of WazirX’s multisig wallets, which had been using Liminal’s digital asset custody and wallet infrastructure since February 2023. The wallet had six signatories, with one from Liminal and five from WazirX, ensuring secure transactions through multiple approvals.
The breach of the wallet occurred due to discrepancies between the data displayed on Liminal’s interface and the actual transaction contents. The hacker managed to replace the payload during the attack, gaining control of the multisig wallet and stealing the funds held within it. Despite the implementation of security measures like the Gnosis Safe multisig smart contract platform and a whitelisting policy, the attack was able to exploit these defenses.
Liminal Custody, in a statement to Cointelegraph, confirmed that their platform was not breached and that their assets, wallets, and infrastructure remained secure.
India’s cryptocurrency regulations present hurdles for the industry, particularly in terms of security measures, risk management, and consumer protection. Joanna Cheng, associate general counsel at Fireblocks, highlighted the absence of specific guidelines in these areas. As a result, Indian Prime Minister Narendra Modi called for a global crypto framework at the G20 Summit in August 2023, recognizing the global impact of emerging technologies like blockchain and cryptocurrencies and advocating for a comprehensive international regulatory framework.
In response to the attack, WazirX addressed the community and provided details of the incident in an official post. The company assured stakeholders that efforts were underway to retrieve the stolen assets. WazirX described the attack as a “force majeure event” and explained that despite taking all necessary precautions to protect customer assets, the theft still occurred. The exchange is currently collaborating with cybersecurity teams to locate and recover the funds and has promised to provide further updates to the community.
Asia Express magazine reported that the WazirX hackers had prepared for eight days before launching the attack. Additionally, the publication revealed that the swindlers had created fake fiat currency to exchange for USDT, a popular stablecoin.
Overall, this cyberattack on WazirX highlights the need for stronger regulations and security measures in the cryptocurrency industry, both in India and globally.