India's largest cryptocurrency exchange, WazirX, suffered a breach that allowed hackers to extract users' funds. Currently, all withdrawals are halted as the team investigates.
According to the team, the digital wallet used by the WazirX team had six signatories—five from WazirX and one from Liminal, with transactions requiring three WazirX signatories (using Ledger Hardware Wallets) and one Liminal signatory for approval.
"During a cyber attack, there was a discrepancy between the information shown on Liminal's interface and the actual signed transaction, leading to suspicions that the transaction payload was altered to transfer wallet control to an attacker."
The team appears to have clicked on a phishing link, which is what enabled the attacker to drain users' funds.
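As an added illustration (not code from WazirX, Liminal or this article), here is a simplified model of the approval policy described above: three WazirX signatories plus one Liminal signatory, where each signer independently recomputes the digest of the payload actually being signed and refuses if it differs from what the interface displayed. Signer names, the HMAC stand-in for hardware-wallet signatures and the sample payloads are all constructed for the example.

```python
import hashlib
import hmac
import json
from typing import Dict, Optional

# Constructed roster modelling the 5 WazirX + 1 Liminal signatories in the article.
WAZIRX_SIGNERS = {"wx1", "wx2", "wx3", "wx4", "wx5"}
LIMINAL_SIGNERS = {"liminal"}
REQUIRED_WAZIRX = 3
REQUIRED_LIMINAL = 1

# Hypothetical per-signer secrets; HMAC stands in for a hardware-wallet signature.
KEYS = {name: f"key-{name}".encode() for name in WAZIRX_SIGNERS | LIMINAL_SIGNERS}


def payload_digest(payload: dict) -> str:
    """Canonical JSON so every party hashes exactly the same bytes."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def sign(signer: str, displayed: dict, to_sign: dict) -> Optional[str]:
    """Sign only if the digest of what is really being signed matches the
    digest of what the interface showed; otherwise report a discrepancy."""
    if payload_digest(displayed) != payload_digest(to_sign):
        return None  # interface/payload mismatch: refuse to sign
    return hmac.new(KEYS[signer], payload_digest(to_sign).encode(), "sha256").hexdigest()


def verify(signer: str, digest: str, sig: str) -> bool:
    expected = hmac.new(KEYS[signer], digest.encode(), "sha256").hexdigest()
    return hmac.compare_digest(expected, sig)


def quorum_met(payload: dict, signatures: Dict[str, str]) -> bool:
    """Policy: >= 3 valid WazirX signatures and >= 1 valid Liminal signature
    over the digest of the payload actually submitted."""
    digest = payload_digest(payload)
    valid = {s for s, sig in signatures.items() if verify(s, digest, sig)}
    return (len(valid & WAZIRX_SIGNERS) >= REQUIRED_WAZIRX
            and len(valid & LIMINAL_SIGNERS) >= REQUIRED_LIMINAL)


def approve(displayed: dict, to_sign: dict, signers) -> bool:
    """Collect signatures from the listed signers and evaluate the quorum."""
    sigs = {s: sig for s in signers if (sig := sign(s, displayed, to_sign)) is not None}
    return quorum_met(to_sign, sigs)
```

Run with an altered payload (for example a different recipient or an owner-change field) and every signer refuses, so the quorum fails regardless of how many signers were asked.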
According to WazirX, which was acquired by Binance in 2019, the exchange's total holdings stood at $503.64 million in June; a $235 million hack represents around 46% of their total holdings.
Who's behind it?
ZachXBT’s tracing work reveals a highly methodical and organized attack on WazirX, marked by meticulous preparation, strategic use of privacy tools like TornadoCash, and layered transactions.
The sophisticated nature of the hack, combined with patterns observed in previous attacks, suggests potential involvement by Lazarus Group. These elements point towards a well-coordinated effort by an experienced group, aligning with known behaviours of state-sponsored cybercrime units.
Where are the funds now?
Using the list of affected addresses reported by @cyvers_, we created a profile on Arkham to track the funds. As of now, the majority of the funds associated with these addresses have not been transferred out. This indicates that while the addresses have been compromised or flagged, the assets remain in place.
Market Reaction
Following the news, WRX experienced a significant drop in value, decreasing by approximately 14%. This hack could set back India's crypto ambitions, especially considering that Binance had just received approval to operate in India. The incident introduces additional scrutiny and potential regulatory challenges that could affect the broader crypto landscape in the country.