Indian cryptocurrency exchange WazirX has revealed more details about a significant security breach impacting one of its multisig wallets. The attack, which resulted in the loss of over $230 million, was confirmed in a statement on X (formerly Twitter) and has led to a temporary suspension of all withdrawals to protect the remaining assets.
According to WazirX’s preliminary report, the compromised wallet had been using Liminal’s digital asset custody and wallet infrastructure since February 2023. This wallet required approvals from six signatories—five from WazirX and one from Liminal. To complete a transaction, three WazirX signatories and the Liminal signatory had to approve it. Additionally, they had a security rule allowing transactions only to pre-approved addresses.
The attackers exploited a discrepancy between what was shown on Liminal’s interface and what was actually happening in the transaction. They manipulated the transaction to gain control of the wallet, bypassing the security measures.
WazirX stated that despite having strong security systems in place, the hackers managed to breach them. The exchange is now working to block any further deposits and recover the stolen funds.
Liminal clarified that their system was not breached. They explained that the compromised wallet was created outside their system, and all wallets within their platform are secure.
Multisig wallets require multiple private keys to approve transactions, providing an extra layer of security. However, in this case, the hackers managed to circumvent this security.
WazirX is committed to resolving the issue and recovering the stolen funds. They have promised to be transparent with their users and keep them informed as more information becomes available.
