WazirX, India's largest cryptocurrency exchange, has announced a bug bounty program aimed at recovering $234.9 million in stolen crypto assets.
This massive cyberattack has alarmed the crypto space, especially the Indian crypto community, and raised critical questions about exchange security.
In this [Threatfeed](https://www.secureblink.com/cyber-security-news) analysis, we examine the details of this major crypto hack, explore its implications, and look at how WazirX is responding to yet another major crisis.
## Cyberattack Details
### Incident
On July 18, WazirX [confirmed](https://x.com/WazirXIndia/status/1813843289940058446) a major cyberattack resulting in the theft of over $230 million worth of investor funds. This theft represents nearly half of the exchange's estimated reserves, marking a significant blow to the Indian cryptocurrency landscape.
### Stolen Assets
The stolen cryptocurrencies include:
- **ETH:** $52.5 million
- **USDT:** $5.79 million
- **PEPE:** $7.6 million
- **GALA:** $3.5 million
- **MATIC:** $11.24 million
- **SHIB:** $102 million
This caused a 25% drop in the price of WazirX’s native token, WRX.
## Suspected Perpetrators
### Lazarus Group
Experts suspect the notorious [Lazarus Group](https://www.secureblink.com/cyber-security-news/lazarus-targets-spanish-aerospace-with-lightless-can), allegedly backed by North Korea, may be behind the attack. Known for targeting crypto exchanges and rarely returning stolen funds, the Lazarus Group's involvement underscores the severity and sophistication of the breach.
Previous Lazarus victims include [CoinsPaid](https://www.secureblink.com/cyber-security-news/lazarus-heist-coins-paid-resilient-amidst-37-3-m-cryptocurrency-theft), with a whopping theft of $37.3 million worth of cryptocurrency; [Atomic Wallet](https://www.secureblink.com/cyber-security-news/lazarus-group-behind-the-35-million-atomic-wallet-hack), which lost $35 million in crypto; and the $620 million [Axie Infinity's Ronin Network crypto hack linked to Lazarus Group](https://www.secureblink.com/cyber-security-news/540-million-axie-infinity-s-ronin-network-crypto-hack-linked-to-lazarus-group).
### Attack Vector
The attack [targeted](https://www.investopedia.com/multi-signature-wallets-definition-5271193) a single multi-sig wallet on the Ethereum network. Multi-sig, short for multi-signature, is a crypto storage solution requiring multiple signatures for withdrawals.
This wallet had been operated via Liminal's digital asset custody and wallet infrastructure since February 2023, requiring approvals from six signatories, including five from WazirX and one from Liminal.
## Technical Aspects of the Attack
### How the Hack Was Executed
Preliminary [investigations](https://wazirx.com/blog/preliminary-report-cyber-attack-on-wazirx-multisig-wallet/) suggest the attack resulted from a discrepancy between the transaction's actual contents and the data displayed on Liminal's interface.
This mismatch between the signed and displayed information indicates that the payload was replaced, transferring wallet control to an attacker.
Despite strong security systems, hackers managed to alter the transaction to bypass these measures.
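A signer-side check for the mismatch described above, as an added example that is not code from WazirX, Liminal or this article: it decodes the raw payload independently of the interface and compares it with what the signer was shown. The `DisplayedIntent` shape, the function names and the sample addresses are assumptions made for illustration, and the check assumes the expected transaction is a plain ERC-20 `transfer`.

```python
from dataclasses import dataclass

ERC20_TRANSFER = bytes.fromhex("a9059cbb")  # selector of transfer(address,uint256)

@dataclass(frozen=True)
class DisplayedIntent:
    """What the signing interface shows the signer (hypothetical shape)."""
    token: str      # token contract the interface says will be called
    recipient: str  # address the interface says receives the tokens
    amount: int     # amount in the token's smallest unit

def norm(addr):
    # Lower-case hex without the 0x prefix, so addresses compare reliably.
    addr = addr.lower()
    return addr[2:] if addr.startswith("0x") else addr

def decode_transfer(calldata):
    """Return (recipient, amount) only if calldata is exactly an ERC-20 transfer."""
    if len(calldata) != 68 or calldata[:4] != ERC20_TRANSFER:
        return None
    if any(calldata[4:16]):  # the 12 padding bytes of the address word must be zero
        return None
    return calldata[16:36].hex(), int.from_bytes(calldata[36:68], "big")

def check_before_signing(shown, tx_to, calldata):
    """Compare the raw payload with the display; an empty list means they agree."""
    problems = []
    if norm(tx_to) != norm(shown.token):
        problems.append("target contract differs from displayed token")
    decoded = decode_transfer(calldata)
    if decoded is None:
        return problems + ["payload is not a plain ERC-20 transfer"]
    recipient, amount = decoded
    if recipient != norm(shown.recipient):
        problems.append("recipient differs from display")
    if amount != shown.amount:
        problems.append("amount differs from display")
    return problems

def build_transfer(recipient, amount):
    # Encode transfer(recipient, amount) calldata for the constructed samples below.
    return ERC20_TRANSFER + bytes(12) + bytes.fromhex(norm(recipient)) + amount.to_bytes(32, "big")

# Constructed sample values, not real addresses or transactions.
TOKEN, DEST, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
SHOWN = DisplayedIntent(token=TOKEN, recipient=DEST, amount=1_000)
HONEST = build_transfer(DEST, 1_000)
REPLACED = bytes.fromhex("deadbeef") + bytes(64)  # a different function call

print(check_before_signing(SHOWN, TOKEN, HONEST), check_before_signing(SHOWN, TOKEN, REPLACED))
```

The check only helps if it runs on a path separate from the interface that rendered the transaction, such as the signing device itself; otherwise the same tampering can affect both.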
### Attackers' Address
Crypto sleuth ZachXBT [revealed](https://t.me/investigations/143) in a Telegram post that the attackers' address has over $104 million to dump. The main holdings include:
- **Shiba Inu:** $100 million
- **FLOKI:** $4.7 million
- **Fantom:** $3.2 million
- **Chainlink:** $2.8 million
- **Fetch.ai:** $2.3 million
The remaining funds are split among various tokens.
## Impact on WazirX and Investors
### Immediate Response
In response to the attack, WazirX has temporarily halted rupee and crypto withdrawals while investigations are underway. The platform is actively attempting to recover the stolen funds, though the complexity of the situation poses significant challenges.
### Investor Confidence
The hack has undoubtedly shaken investor confidence, potentially having a chilling effect on the Indian crypto market. Regulatory bodies and other exchanges are likely to scrutinize the details of the attack, with stricter security protocols and regulations potentially emerging in its aftermath.
## Current Status & Recovery Efforts
### Bug Bounty Program
To aid in recovering the stolen funds, WazirX has launched a bug bounty program. This initiative invites white-hat hackers and cybersecurity experts to identify vulnerabilities and assist in the recovery process.
### Liminal's Statement
Liminal, the service provider for the affected multi-sig wallet, claims no breach within its system. _"We can confirm that Liminal's platform is not breached and Liminal's infrastructure, wallets, and assets continue to remain safe,"_ the company noted.
## Future Implications for the Indian Crypto Market
### Regulatory Scrutiny
The incident raises questions about multi-sig security protocols and the overall robustness of crypto exchanges' security measures.
As the full impact of the attack unfolds, regulatory bodies may impose stricter security protocols and regulations to prevent future breaches.
### Market Sentiment
The hack's aftermath could lead to increased skepticism among investors, potentially slowing down the adoption and growth of the Indian crypto market. Exchanges will need to rebuild trust by demonstrating enhanced security measures and transparency.
---
### Links to keep an eye on at this hour!
- [WazirX Blog](https://www.wazirx.com/blog) for updates.
- [Web3 Security Firm Cyvers Alert](https://www.cyvers.io/)
- [ZachXBT on Telegram](https://t.me/zachxbt)