Major Security Breach at Indian Crypto Exchange WazirX: Over $235 Million Stolen

In a major security incident, Indian cryptocurrency exchange WazirX fell victim to a hack that resulted in the theft of around $235 million worth of various digital assets. The breach, which occurred on July 18th, 2024, targeted WazirX’s multisig wallet on the Ethereum network.

Investigators believe the stolen funds were moved to a new address and then partially converted to Ethereum using the Tornado Cash mixing service, a tool often employed to obfuscate the trail of cryptocurrency transactions.

This incident has raised serious concerns about the security of multisig wallets, which are typically considered more secure than traditional wallets due to requiring multiple signatures for transactions.

Independent Investigator Tracks Stolen Funds

Independent blockchain investigator ZachXBT, known for his work tracing stolen crypto, has begun tracking the movement of the stolen funds. Through on-chain analysis, ZachXBT identified a series of test transactions on the Ethereum network originating from the suspected hacker address on July 10th. These transactions involved small amounts of SHIB tokens, suggesting potential preparation for the larger attack.

1/ So I began tracing the $230M+ WazirX hack back from the original exploiter address and was able to make some interesting observations. https://t.co/gLHu05sXWZ pic.twitter.com/eFRNdLtACB

— ZachXBT (@zachxbt) July 18, 2024

Technical Breakdown of the Attack

Further analysis by blockchain security expert Mudit reveals the attacker may have utilized Tornado Cash to launder a portion of the stolen funds. ZachXBT identified matching deposits and withdrawals involving small amounts of Ethereum, suggesting the use of Tornado Cash’s mixing service.

Traces Lead to Potential Exchange Involvement

By tracing the flow of funds further back, ZachXBT identified a series of transactions in early July that may be linked to the attacker’s source of funds. These transactions involve deposits from an unidentified exchange address, suggesting the attacker may have obtained some of the cryptocurrency used in the test transactions from another platform.

2/ The theft address I will start from is 0x6ee which was doing test transactions on July 10th from 0x09b multisig with SHIB and was funded with 6 X 0.1 ETH from Tornado.

0x6eedf92fb92dd68a270c3205e96dccc527728066

A technical breakdown of the attack by Mudit can be found below https://t.co/Q86k8o7oBg pic.twitter.com/JeU66hyOkI

— ZachXBT (@zachxbt) July 18, 2024

WazirX Suspends Withdrawals and Investigation Continues

In response to the breach, WazirX has temporarily suspended all withdrawals while they investigate the incident. The company has not yet commented on the specifics of the attack or the possibility of North Korean hacker involvement, a claim made by some security analysts.

📢 Update: We're aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused. Thank you for your patience and understanding.…

— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 18, 2024

WazirX Hacker Taunts Ethereum Co-founder

Adding an unusual twist to the incident, the hacker behind the attack reportedly sent a small amount of a newly created token named “I hacked WazirX” to the wallet address of Vitalik Buterin, the co-founder of Ethereum. The purpose of this action remains unclear.

WazirX hacker sent 'I hacked WazirX' tokens to Vitalik Buterin

He is not playing TBH

It's not only a theft but also a statement! pic.twitter.com/dcqJhJ9aH0

— Genos (@khgdafhkkg) July 18, 2024

This major security breach at WazirX highlights the ongoing challenges associated with cryptocurrency security. As investigations continue, the full scope of the attack and the identities of those involved remain to be seen.

TagsBitcoinBTCexchangeHackerWazirX