Table of Contents
Context: WazirX, a major cryptocurrency firm in India, experienced a significant cyberattack.
Indian crypto exchange WazirX Security Breach
Recently, WazirX, a prominent Indian cryptocurrency exchange, experienced a security breach. During this incident, unauthorized access was gained to some user accounts. This raised concerns among users regarding the safety of their funds and personal information.
WazirX promptly responded to the breach, assuring users that they took immediate steps to mitigate the issue. They advised users to enable two-factor authentication (2FA) and urged caution against phishing attempts and suspicious activities. The exchange also emphasized its commitment to enhancing security measures to prevent future breaches.
Such incidents highlight the vulnerabilities in the cryptocurrency sector and underscore the importance of robust security practices when dealing with digital assets. Users are advised to stay vigilant, use strong passwords, enable 2FA, and monitor their accounts regularly for any unauthorized activity.
Cause of the WazirX Security Breach
- Preliminary findings indicate the attack was due to a discrepancy between data displayed on Liminal’s interface and the actual transaction contents.
- Liminal, a digital asset custody and wallet infrastructure provider, had no breach within its ecosystem.
- Instead, a self-custody multisig smart contract wallet outside of Liminal’s ecosystem was compromised.
Technical Details
- The compromised wallet used a MultiSig setup requiring multiple private keys for transaction approval.
- WazirX’s wallet had six signatories (five from WazirX and one from Liminal) and required approval from three WazirX signatories and one from Liminal.
- Despite robust security features like the Gnosis Safe multisig platform and Liminal’s whitelisting policy, attackers managed to breach these measures.
Comparative Analysis of Major Crypto Breaches
- The WazirX hack is one of the largest in India and among the significant global crypto breaches.
- In 2022, over $3.8 billion worth of cryptocurrency was stolen, with the number dropping to about $1.7 billion in 2023.
- Ronnin Network (March 2022): Hackers stole about $625 million worth of Ethereum and USDC stablecoin.
- Poly Network (August 2021): A hacker exploited a vulnerability, stealing over $600 million but returned most of it.
- Binance (October 2022): A major security breach resulted in a loss of $570 million.