A recent security breach at WazirX, resulting in a
staggering $230 million loss, has sent shockwaves through India’s
cryptocurrency ecosystem. This incident has led to intense scrutiny of current
security practices and crucial discussions about
safeguarding digital assets in an increasingly risky environment. Users are concerned about the ease with which fraudsters can manipulate exchanges.
The incident ranks among the major hacks in the history of crypto exchanges and has left the crypto community pondering how easily fraudsters can manipulate crypto exchanges. One X user named Chandrashekhar wondered how “hackers can withdraw funds from the exchange, but legitimate exchange users cannot withdraw their own tokens or hold them in self-custody.”
Another X user has termed the situation “horrifying” after WizirX circulated an email to users about the security incident. Vivek Naskar lamented: “Received this horrifying mail from WazirX.
So whatever minuscule (and negligible) crypto investment I had, that is also gone (or frozen)!
Today is the day of tragedies.”
Cyvers Alert identified the suspicious transactions,
noting that each transaction’s caller received funds from Tornado Cash. Crypto
investigator ZachXBT recently reported on his Telegram channel “Investigations by
ZachXBT” that the suspected primary attacker still holds over $104
million.
“The WazirX incident highlights the importance of having comprehensive security measures for exchanges. The best way to ensure a full-proof safety net is by having a prominent monitoring and detection service, along with a proper crisis response protocol,” Meir Dolev, the Co-founder and CTO at Cyvers, told Finance Magnates.
WazirX has launched a $23
million bounty program to recover over $230 million in digital assets lost
during the cyber attack which occurred last week, 99Bitcoins reported. This initiative
aims to incentivize the global community to provide actionable intelligence
that can help retrieve the stolen funds.
WazirX Announces Bug Bounty
In a recent statement, WazirX announced rewards of up to $10,000 worth of USDT for any information leading to
the freezing of the stolen assets. Additionally, the exchange has committed to
offering 10% of the recovered amount as a white hat incentive, which could
total up to $23 million.
The breach targeted WazirX’s multisig Ethereum wallet,
a crucial element of the company’s infrastructure. The suspected hackers reportedly exploited a discrepancy
between the interface of Liminal, a digital asset security platform, and the
actual transaction data, allowing them to siphon off the assets.
Following the incident, WazirX was forced to halt all withdrawals to contain the
massive $235 million breach. The incident, linked to Tornado Cash, has now raised
serious concerns about the security of decentralized finance platforms, the Economic Times reported. Web3
security firm Cyvers Alert revealed that they detected multiple
suspicious transactions involving WazirX’s Safe Multisig wallet on Ethereum.
The attackers then executed unauthorized transactions, with
initial investigations pointing to the Lazarus Group, a well-known hacking collective. These transactions, funded by Tornado Cash, a protocol
known for enabling private transactions, resulted in the transfer of $234.9
million to a new address. The transferred funds, which included Tether, were then swapped to different tokens.
A recent security breach at WazirX, resulting in a
staggering $230 million loss, has sent shockwaves through India’s
cryptocurrency ecosystem. This incident has led to intense scrutiny of current
security practices and crucial discussions about
safeguarding digital assets in an increasingly risky environment. Users are concerned about the ease with which fraudsters can manipulate exchanges.
The incident ranks among the major hacks in the history of crypto exchanges and has left the crypto community pondering how easily fraudsters can manipulate crypto exchanges. One X user named Chandrashekhar wondered how “hackers can withdraw funds from the exchange, but legitimate exchange users cannot withdraw their own tokens or hold them in self-custody.”
Another X user has termed the situation “horrifying” after WizirX circulated an email to users about the security incident. Vivek Naskar lamented: “Received this horrifying mail from WazirX.
So whatever minuscule (and negligible) crypto investment I had, that is also gone (or frozen)!
Today is the day of tragedies.”
Cyvers Alert identified the suspicious transactions,
noting that each transaction’s caller received funds from Tornado Cash. Crypto
investigator ZachXBT recently reported on his Telegram channel “Investigations by
ZachXBT” that the suspected primary attacker still holds over $104
million.
“The WazirX incident highlights the importance of having comprehensive security measures for exchanges. The best way to ensure a full-proof safety net is by having a prominent monitoring and detection service, along with a proper crisis response protocol,” Meir Dolev, the Co-founder and CTO at Cyvers, told Finance Magnates.
WazirX has launched a $23
million bounty program to recover over $230 million in digital assets lost
during the cyber attack which occurred last week, 99Bitcoins reported. This initiative
aims to incentivize the global community to provide actionable intelligence
that can help retrieve the stolen funds.
WazirX Announces Bug Bounty
In a recent statement, WazirX announced rewards of up to $10,000 worth of USDT for any information leading to
the freezing of the stolen assets. Additionally, the exchange has committed to
offering 10% of the recovered amount as a white hat incentive, which could
total up to $23 million.
The breach targeted WazirX’s multisig Ethereum wallet,
a crucial element of the company’s infrastructure. The suspected hackers reportedly exploited a discrepancy
between the interface of Liminal, a digital asset security platform, and the
actual transaction data, allowing them to siphon off the assets.
Following the incident, WazirX was forced to halt all withdrawals to contain the
massive $235 million breach. The incident, linked to Tornado Cash, has now raised
serious concerns about the security of decentralized finance platforms, the Economic Times reported. Web3
security firm Cyvers Alert revealed that they detected multiple
suspicious transactions involving WazirX’s Safe Multisig wallet on Ethereum.
The attackers then executed unauthorized transactions, with
initial investigations pointing to the Lazarus Group, a well-known hacking collective. These transactions, funded by Tornado Cash, a protocol
known for enabling private transactions, resulted in the transfer of $234.9
million to a new address. The transferred funds, which included Tether, were then swapped to different tokens.
