Indian crypto exchange WazirX has experienced a significant wallet exploit resulting in the unauthorized transfer of over $230 million worth of crypto assets.
How It Happened
According to the details from the security platform Cyvers which identified the multiple suspicious transactions, the security breach targeted the exchange’s multisig wallet on the Ethereum network and drained the funds.
🚨ALERT🚨Hey @WazirXIndia, Our system has detected multiple suspicious transactions involving your Safe Multisig wallet on the #ETH network.
A total of $234.9M of your funds have been moved to a new address. Each transaction’s caller is funded by @TornadoCash.
The suspicious… pic.twitter.com/4sajAwd4Hb
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) July 18, 2024
The hacker reportedly stole a total of $234.9 million in funds from the exchange’s safe multisig wallet, transferred the stolen funds to a new address, and then converted them into Ethereum (ETH). The crypto assets compromised include Pepe (PEPE), Gala (GALA), and Tether (USDT).
Cyvers also highlighted that the transaction’s caller is funded by Tornado Cash, a decentralized protocol for private transactions.
The compromised funds were moved to an address that has already begun converting the stolen assets, such as PEPE, GALA, and USDT, into Ethereum. Cyvers also noted that the exploiters are continuing to swap other assets.
Meanwhile, the hacker currently holds $211 million worth of crypto. The majority of the wallet’s holdings are Shiba Inu, Ethereum, MATIC, Floki and FTM. These transfers have raised significant concerns among the exchange’s users as they are worried about the safety of their funds.
WazirX Exchange Issues a Statement
After several alerts from blockchain security firms via X, the exchange team has made an official statement acknowledging the infamous exploit, adding that they are still investigating the outflows and have paused all withdrawals.
“We’re aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused. Thank you for your patience and understanding. We’ll keep you posted with further updates”, WazirX said.
Exploits have been known to be one of the prevailing cyber security threats in the crypto sector over the years. In a similar incident this year, the Kraken exchange lost about $3 million from its wallets following a bug-related exploit.