コインチェーン

Cryptocurrency and Web3 news, investment, and educational information

WazirX Breach Post-Mortem: Dismantling the $230M Attack

Jul 23, 2024 #Cryptocurrency

A detailed analysis of the WazirX hack reveals how the attackers managed to steal over $230 million from the exchange’s multisig wallet.

Points

  • WazirX lost over $230 million in a major cyberattack.
  • The attack exploited discrepancies in Liminal’s multisig wallet interface.
  • Security measures like Gnosis Safe multisig and whitelisting were bypassed.
  • The breach highlights the need for stronger crypto regulation in India.
  • WazirX is working with cybersecurity teams to recover the stolen funds.

In one of the most significant cyberattacks of the year, WazirX, an Indian cryptocurrency exchange, lost over $230 million from a multisig wallet. The attack targeted a wallet that had used Liminal’s digital asset custody and wallet infrastructure since February 2023.

The wallet had six signatories, one from Liminal and five from WazirX, so that transactions required multiple approvals. However, the breach occurred due to discrepancies between the data displayed on Liminal’s interface and the actual transaction contents. During the attack, the payload was replaced, allowing the hacker to gain control of the multisig wallet and steal funds.

Despite security measures such as the Gnosis Safe multisig smart contract platform and a whitelisting policy, the attackers bypassed these defenses. The Liminal Custody team confirmed that their platform was not breached and that its assets, wallets, and infrastructure remain safe.
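The gap described above, between what a signing interface displays and what the payload actually contains, is the kind of thing a signer can check independently before approving. The following is an added example, not code from WazirX, Liminal or Safe, and it does not reproduce the actual attack payload. It assumes the displayed intent is a simple ERC-20 transfer and uses the Safe transaction field names `to`, `value`, `data` and `operation`; the function names, the `DISPLAYED` structure and all addresses are constructed for illustration.

```python
import string

TRANSFER_SELECTOR = "a9059cbb"  # ERC-20 transfer(address,uint256)

def decode_erc20_transfer(data_hex):
    """Return (recipient, amount) for an exact transfer() call, else None."""
    data = data_hex.lower().removeprefix("0x")
    if len(data) != 8 + 64 + 64 or not set(data) <= set(string.hexdigits):
        return None
    if data[:8] != TRANSFER_SELECTOR or data[8:32] != "0" * 24:
        return None  # wrong function, or dirty upper bytes in the address word
    return "0x" + data[32:72], int(data[72:], 16)

def check_payload(displayed, payload, whitelist):
    """List every way the payload to be signed differs from what the UI shows."""
    problems = []
    if payload["operation"] != 0:  # Safe: 0 = Call, 1 = DelegateCall
        problems.append("operation is not a plain call")
    if payload["value"] != 0:
        problems.append("payload also moves native currency")
    if payload["to"].lower() != displayed["token"].lower():
        problems.append("call target is not the displayed token contract")
    decoded = decode_erc20_transfer(payload["data"])
    if decoded is None:
        return problems + ["calldata is not an ERC-20 transfer"]
    recipient, amount = decoded
    if recipient != displayed["recipient"].lower():
        problems.append("recipient differs from display")
    if amount != displayed["amount"]:
        problems.append("amount differs from display")
    if recipient not in {a.lower() for a in whitelist}:
        problems.append("recipient is not whitelisted")
    return problems

# Constructed sample values (not taken from the incident).
TOKEN, ALICE, OTHER = "0x" + "11" * 20, "0x" + "aa" * 20, "0x" + "bb" * 20

def make_transfer(recipient, amount):
    """Build transfer() calldata for the samples below."""
    return "0x" + TRANSFER_SELECTOR + recipient[2:].rjust(64, "0") + format(amount, "064x")

DISPLAYED = {"token": TOKEN, "recipient": ALICE, "amount": 1000}
MATCHING = {"to": TOKEN, "value": 0, "operation": 0, "data": make_transfer(ALICE, 1000)}
REPLACED = {"to": OTHER, "value": 0, "operation": 1, "data": "0xdeadbeef"}

if __name__ == "__main__":
    for name, payload in (("matching", MATCHING), ("replaced", REPLACED)):
        print(name, check_payload(DISPLAYED, payload, {ALICE}))
```

The check is only meaningful when it runs on a device and code path separate from the interface that rendered the transaction, so that a tampered display cannot also tamper with the comparison.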

India’s regulatory landscape for crypto remains underdeveloped, with no specific guidelines for security measures, risk management, and consumer protection. Joanna Cheng, associate general counsel at Fireblocks, highlighted the need for clear regulatory frameworks to hold exchanges accountable.

Following the attack, WazirX outlined the details of the breach in a post on X, assuring stakeholders that efforts are ongoing to retrieve the stolen assets. Describing the attack as a “force majeure event,” WazirX explained that despite taking “all necessary steps to protect customer assets,” the theft still occurred. They are currently working with cybersecurity teams to locate and recover the funds and have promised to keep the community updated.

Commentary

  • The WazirX hack exploited discrepancies in Liminal’s multisig wallet interface, allowing attackers to replace the transaction payload and steal over $230 million.
  • Security measures such as Gnosis Safe multisig and whitelisting were bypassed, highlighting the need for stronger defenses.
  • The breach underscores the importance of clear regulatory frameworks for crypto in India to ensure accountability and protect consumers.
  • WazirX is actively working with cybersecurity experts to recover the stolen funds and has committed to keeping stakeholders informed.
  • The incident serves as a reminder of the vulnerabilities in crypto exchanges and the ongoing need for robust security measures.