Discover how WazirX's new bug bounty program aims to recover $234.9M stolen crypto. Learn about the hack, its impact on exchange security, and the Indian crypto market

Continue reading
WazirX, India's largest cryptocurrency exchange, has announced a bug bounty program aimed at recovering $234.9 million in stolen crypto assets.
This massive cyberattack has raised the temperature across the crypto space especially amongst the Indian crypto community, raising critical questions about exchange security.
In this Threatfeed analysis, we analyze the details of this major crypto hack, explore its implications, and how WazirX is reciprocating to this yet another major crisis.
On July 18, WazirX confirmed a major cyberattack resulting in the theft of over $230 million worth of investor funds. This theft represents nearly half of the exchange's estimated reserves, marking a significant blow to the Indian cryptocurrency landscape.
The stolen cryptocurrencies include:
This caused a 25% drop in the price of WazirX’s native token, WRX.
Experts suspect the notorious Lazarus Group, allegedly backed by North Korea, may be behind the attack. Known for targeting crypto exchanges and rarely returning stolen funds, the Lazarus Group's involvement underscores the severity and sophistication of the breach.
Some of the previous names that Lazarus victimized severely are CoinsPaid with whooping theft of $37.3 million worth of cryptocurrency, Atomic Wallet resulted in $35 millions in cryptos, and $620 million Axie Infinity's Ronin Network crypto hack linked to Lazarus Group.
The attack targeted a single multi-sig wallet on the Ethereum network. Multi-sig, short for multi-signature, is a crypto storage solution requiring multiple signatures for withdrawals.
This wallet was operated via Liminal's digital asset custody and wallet infrastructure from February 2023, requiring approvals from six signatories, including five from WazirX and one from Liminal.
Preliminary investigations suggest the attack resulted from a discrepancy between the transaction's actual contents and the data displayed on Liminal's interface.
This mismatch between the signed and displayed information indicates that the payload was replaced, transferring wallet control to an attacker.
Despite strong security systems, hackers managed to alter the transaction to bypass these measures.
Crypto sleuth ZachXBT revealed in a Telegram post that the attackers' address has over $104 million to dump. The main holdings include:
The remaining funds are split among various tokens.
In response to the attack, WazirX temporarily halted rupee and crypto withdrawals while investigations are underway. The platform is actively attempting to recover the stolen funds, though the complexity of the situation poses significant challenges.
The hack has undoubtedly shaken investor confidence, potentially having a chilling effect on the Indian crypto market. Regulatory bodies and other exchanges are likely to scrutinize the details of the attack, with stricter security protocols and regulations potentially emerging in its aftermath.
To aid in recovering the stolen funds, WazirX has launched a bug bounty program. This initiative invites white-hat hackers and cybersecurity experts to identify vulnerabilities and assist in the recovery process.
Liminal, the service provider for the affected multi-sig wallet, claims no breach within its system. _"We can confirm that Liminal's platform is not breached and Liminal's infrastructure, wallets, and assets continue to remain safe,"_ the company noted.
The incident raises questions about multi-sig security protocols and the overall robustness of crypto exchanges' security measures.
As the full impact of the attack unfolds, regulatory bodies may impose stricter security protocols and regulations to prevent future breaches.
The hack's aftermath could lead to increased skepticism among investors, potentially slowing down the adoption and growth of the Indian crypto market. Exchanges will need to rebuild trust by demonstrating enhanced security measures and transparency.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation