WazirX Hacked for $235 Million, Safe Multi-sig Wallet Compromised and Drained

Indian crypto exchange, WazirX, was hacked for more than $235 Million in a recent exploit. The “safe multi-sig wallet” was compromised and drained.

Indian crypto exchange, WazirX, was recently hacked for more than $235 Million. The exploiter compromised and drained the “safe multi-sig wallet”. The exploiter swapped PEPE, GALA, USDT, ETH, SHIBA, FLOKI, MATIC and more.

A recent X post by Web 3 security firm Cyvers Alerts spoke about the exploit. Their system detected over $234.9 of funds transferred from their safe wallets. Each transaction caller is funded by Tornado Cash.

The compromised funds were moved to an address and the hacker began actively converting the stolen funds to ETH. Over $100 Million of SHIB is currently in the hacker’s address which is yet to be converted.

WazirX’s official token WRX tumbled more than 15% due to this exploit. It is currently trading near $0.14 with a surge of 375% in its daily volume (press time).

Let’s have a look at how the hacker exploited the safe wallets of WazirX

The exploit was decoded by ZachXBT and various other X creators. They have come up with an interesting theory explaining the exploit. Let’s have a quick summary of the exploit as per its timeline.

The theft address was doing test transactions on July 10th from Multisig with SHIB. It was funded with 0.1 ETH from Tornado cash. The attackers then upgraded the multi-sig to a malicious version which allowed them to drain the multisig.

They likely did not have all the required private keys and they were dependent on multiple signature phishing. The attackers likely compromised 2 or 4 private keys as per X user Mudit Gupta.

As per the transaction hash, the wallet attempted to do a USDT transfer minutes before the actual hack. The hackers then used two other compromised keys to successfully execute the exploit transaction.

The primary theft address of the exploit was “0x04b21735E93Fa3f8df70e2Da89e6922616891a88”. As per ZachXBT, the address currently holds over $100 Million SHIB which is yet to be exchanged.

WazirX Suspends Withdrawals

WazirX has acknowledged the attack and has paused the withdrawals for cryptocurrency and INR. In an X post, they said that they are actively investigating the incident.

After the incident, BTC/INR, ETH/INR, and USDT/INR along with others were traded at a heavy discount on the platform. The discounted rate reflected panic selling among the investors.

WRX is trading near its one-year low at $0.144 after a loss of 17% in the intraday session. The hack caused a panic sale among WRX investors.

The hackers have not been identified yet, while many analysts are hoping for a partial recovery of funds. The WazirX hack might push the other exchanges to ramp up wallet security and other infrastructure security aspects.

This article is for informational purposes only and provides no financial, investment, or other advice. The author or any people mentioned in this article are not responsible for any financial loss that may occur from investing in or trading. Please do your research before making any financial decisions.

The above is the detailed content of WazirX Hacked for $235 Million, Safe Multi-sig Wallet Compromised and Drained. For more information, please follow other related articles on the PHP Chinese website!