WazirX Exchange Releases Post-Mortem Report: Was North Korea Behind The $235M Exploit?
July 18 2024 - 3:18PM
NEWSBTC
India-based cryptocurrency exchange WazirX recently fell victim to
a significant security breach, resulting in the unauthorized
transfer of over $230 million in assets. The incident led to the
temporary suspension of withdrawals as the exchange worked to
investigate and mitigate the breach. In a subsequent report
released by WazirX, preliminary findings shed light on the causes
of the exploit. At the same time, blockchain analytics firm
Elliptic suggested the potential involvement of North Korea in this
sophisticated attack.

WazirX Multisig Wallet Breach

WazirX disclosed that the cyber attack targeted one of their multisig
wallets, which had utilized the services of Liminal’s digital asset
custody and wallet infrastructure since February 2023. The
wallet allegedly had a configuration involving six signatories,
including five from the WazirX team and one from Liminal, who were
responsible for transaction verifications. Three WazirX
signatories, who employed Ledger Hardware Wallets for added
security, were required to approve a transaction, followed by the
final approval from Liminal’s signatory.

Additionally, a whitelisting policy was in place to
“enhance security,” allowing transactions solely to predefined
addresses facilitated by Liminal. The exchange further disclosed
that the breach originated from a “discrepancy” between the data
displayed on Liminal’s interface and the actual contents of the
transaction. During the attack, the exchange noted a
“mismatch” between the information displayed on Liminal’s interface
and what was signed. It is suspected that the payload was
manipulated to transfer wallet control to the attacker, enabling
them to exploit the vulnerability.

North Korean Affiliation In $235M Breach?

WazirX emphasized its implementation of “robust”
security measures, including the Gnosis Safe multi-sig smart
contract platform and Liminal’s whitelisting policy. Despite these
precautions, the cyber attackers managed to breach the security
features and execute the theft. Looking ahead, the exchange
expressed its commitment to protecting customer assets and
acknowledged the need for further investigation and reinforcement
of security protocols. The exchange concluded by stating the
following:

“This is a force majeure event beyond our control, but we
are leaving no stone unturned to locate and recover the funds. We
have already blocked a few deposits and reached out to concerned
wallets for recovery. We are in touch with the best resources to
help us in this endeavor. While these are our findings from our
preliminary investigation, we will keep you posted with further
updates. Together with your support, we shall overcome this
challenge and emerge stronger and more resilient than ever.”

Blockchain analytics firm Elliptic, on the other
hand, conducted an independent analysis of the exploit and
indicated a potential connection to North Korea. According to
Elliptic’s findings, approximately $235 million in various crypto
assets were lost in the breach, including Shiba Inu (SHIB),
Ethereum (ETH), Polygon (MATIC), and Pepe. The thief has
reportedly converted some of these tokens into Ether using
decentralized services, a common step in the laundering process.
On-chain analysis and additional information reviewed by Elliptic
suggest the alleged involvement of hackers affiliated with North
Korea.
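
The mismatch described above, between what the custody interface displayed and what was actually signed, is the kind of gap a signer-side check on the raw transaction can catch. The following is an added example, not code from WazirX, Liminal or the original article. It assumes the Safe transaction fields to, value, data and operation; the Displayed type, the addresses and the sample payloads are constructed, and the payload from the incident is not reproduced.

```python
from dataclasses import dataclass

ERC20_TRANSFER = bytes.fromhex("a9059cbb")  # selector of transfer(address,uint256)
CALL, DELEGATECALL = 0, 1                   # Safe "operation" values

@dataclass
class Displayed:
    """What the custody UI shows the signer (hypothetical type)."""
    token: str
    recipient: str
    amount: int

def decode_erc20_transfer(data: bytes):
    """Return (recipient, amount), or None if data is not a plain transfer call."""
    # 4-byte selector + two 32-byte words; the address word has 12 zero pad bytes.
    if len(data) != 68 or data[:4] != ERC20_TRANSFER or any(data[4:16]):
        return None
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:68], "big")

def check_before_signing(shown: Displayed, tx: dict, whitelist: set) -> list:
    """Compare the raw payload with the displayed intent; return the findings."""
    findings = []
    if tx["operation"] != CALL:
        findings.append("operation is not CALL")
    if tx["to"].lower() != shown.token.lower():
        findings.append("destination differs from displayed token contract")
    if tx["value"] != 0:
        findings.append("unexpected native value")
    decoded = decode_erc20_transfer(tx["data"])
    if decoded is None:
        findings.append("calldata is not an ERC-20 transfer")
    else:
        recipient, amount = decoded
        if recipient != shown.recipient.lower():
            findings.append("recipient differs from display")
        if amount != shown.amount:
            findings.append("amount differs from display")
        if recipient not in whitelist:
            findings.append("recipient not whitelisted")
    return findings

# Constructed sample data (no real addresses or payloads).
TOKEN, DEST, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
WHITELIST = {DEST}
SHOWN = Displayed(TOKEN, DEST, 1000)

def transfer_calldata(to: str, amount: int) -> bytes:
    return ERC20_TRANSFER + bytes(12) + bytes.fromhex(to[2:]) + amount.to_bytes(32, "big")

GOOD = {"to": TOKEN, "value": 0, "operation": CALL, "data": transfer_calldata(DEST, 1000)}
SWAPPED = {"to": OTHER, "value": 0, "operation": DELEGATECALL, "data": bytes.fromhex("deadbeef")}
```

An empty findings list means the payload matches the displayed intent; any finding is a reason to refuse to sign until the discrepancy is explained.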