The $235 million hack on WazirX has raised serious concerns about exchange security and the future of India’s crypto industry. This article explores the details of the hack and its broader implications.
Points
- Major Security Breach: Details of the $235M hack on WazirX.
- Stolen Funds: Breakdown of the cryptocurrencies stolen.
- Immediate Response: WazirX’s actions to mitigate the damage.
- Impact on India’s Crypto Sector: Potential consequences for the industry.
- Regulatory and Security Measures: Need for improved security and regulatory compliance.
The massive $235M hack on the Indian cryptocurrency exchange WazirX on July 18 has raised serious questions about exchange security and the future of India’s crypto industry.
Major Security Breach
On July 18, blockchain security firm Cyvers reported that the attacker behind the WazirX hack transferred 16,350 Ether (ETH), valued at over $57 million, to two new cryptocurrency addresses. Most of the funds, over $54 million, were moved to an address beginning with “0x58d.” This transfer represents a significant chunk of the $230 million stolen from WazirX, India’s largest crypto exchange by trading volume, marking it as the second-largest crypto hack of 2024.
“ALERT: Hey @WazirXIndia, our system has detected multiple suspicious transactions involving your Safe Multisig wallet on the #ETH network.
A total of $234.9M of your funds have been moved to a new address. Each transaction’s caller is funded by @TornadoCash.”
https://twitter.com/CyversAlerts/status/1813834131165286464
Stolen Funds
The stolen assets comprised a diverse selection of cryptocurrencies, including Tether (USDT), Pepe (PEPE), and Gala (GALA). The attacker swiftly converted these assets into Ether (ETH) in an attempt to obfuscate the trail of the stolen funds.
The exchange’s wallet also contained approximately $100 million in Shiba Inu (SHIB), $52 million in ETH, $11 million in Polygon’s MATIC, and smaller amounts of other tokens.
Immediate Response
In response to the security breach, WazirX immediately suspended withdrawals of both cryptocurrencies and Indian rupees on the platform. The exchange further announced that it was “actively investigating the incident.”
When asked to comment on the situation, Rajagopal Menon, a spokesperson for WazirX, said: “We can’t speak to the press right now. You can get updates from our Twitter handle.”
Impact on India’s Crypto Sector
The hack could have major implications for India’s cryptocurrency sector, which has flourished despite government pressure. Utkarsh Tiwari, the chief strategy officer for Indian cryptocurrency exchange KoinBX, said that a security breach of this magnitude is bound to cause concern as it affects multiple stakeholders in the crypto ecosystem, including retail investors and other exchanges.
He added:
“Under India’s G20 presidency, we have seen our government push for comprehensive and standardized regulations for all global Virtual Assets Service Providers. Furthermore, historically, we have seen the Indian government always prioritize investor protection above all else.”
As a result, Tiwari predicts that Indian digital asset exchanges are likely to invest more heavily in advanced security infrastructure, something he believes can help showcase the resilience and innovation of the Indian digital asset market and community.
Regulatory and Security Measures
India’s crypto industry is anticipating potential relief from the country’s stringent crypto tax regulations. Finance Minister Nirmala Sitharaman will present the Union Budget for the next fiscal year on July 23, and the crypto sector hopes for favorable changes.
Since 2022, India has imposed one of the world’s most severe tax regimes on cryptocurrency, with a flat 30% capital gains tax on profits from digital assets, including non-fungible tokens. Additionally, a 1% tax deducted at source (TDS) is also levied on crypto transactions.
Sumit Gupta, CEO of Indian exchange CoinDCX, has been advocating for a reduction in the TDS rate to 0.01% in the forthcoming budget since these tax measures have significantly impacted Indian crypto exchanges.
How Did The Attackers Gain Access To WazirX?
Meir Dolev, co-founder and chief technology officer of Web3 security firm Cyvers, said that while the exploited vulnerability remains unknown, several key facts have emerged since the event.
First, he noted that WazirX uses a multisig wallet that requires four signatures to execute a transaction.
The exchange also uses Liminal as a custody provider, which provides the last signature on every transaction. Lastly, WazirX’s wallet has a whitelist policy, with only a few wallets it can send funds to.
Dolev outlined the attack vector:
“The attacker used two different addresses, the one that initiated the transaction and the second that received the funds. The one that initiated the transaction needed to pay gas fees so he funded his wallet via Tornado Cash.”
“Eight days before the attack, the hacker also deployed a malicious contract that was later used to change the implementation of the WazirX wallet.”
He further explained that, just a few minutes before the first exploit transaction, the attacker changed the implementation of WazirX’s multisig wallet to his malicious contract using the signatures of WazirX and Liminal Custody.
“From that moment, he could execute any transaction without needing WazirX or Liminal to sign on the transaction,” he highlighted.
Dolev speculated that the attacker likely compromised WazirX endpoints or laptops to gain the necessary signatures, possibly employing a user interface (UI) hijack on Liminal’s side.
He stated that WazirX might have believed it was signing a legitimate transaction, because that is what its signers saw in the UI, which was possibly controlled by the hacker.
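The attack path Dolev describes has two defensive checkpoints: the wallet’s whitelist policy should never admit a call whose destination is the wallet contract itself (the only way its implementation or owner set can change), and each signer should verify the transaction it is about to sign independently of the web UI that proposes it. The following is an added example (not code from WazirX, Liminal or Cyvers) of a sign-time check a co-signer or custodian could run in Python. It models a whitelisted multisig whose implementation is changed by a self-call; the wallet and whitelist addresses are made up, the hash is a plain SHA-256 over the raw transaction fields rather than the EIP-712 hash a real Safe signs, and the operation codes (0 = CALL, 1 = DELEGATECALL) are assumed from the Safe convention.

```python
"""Sign-time policy and integrity check for a whitelisted multisig wallet.

Constructed example: a signer recomputes the hash of the raw request it is
about to sign and compares it with the hash the UI displays, and applies the
wallet's destination policy before releasing a signature.
"""
from dataclasses import dataclass
import hashlib

# Constructed addresses; not related to any real deployment.
WALLET = "0x1111111111111111111111111111111111111111"
WHITELIST = {
    "0xaaaa000000000000000000000000000000000001",  # hot wallet (constructed)
    "0xbbbb000000000000000000000000000000000002",  # cold storage (constructed)
}

OP_CALL = 0          # assumed Safe convention
OP_DELEGATECALL = 1  # assumed Safe convention


@dataclass(frozen=True)
class TxRequest:
    """The raw fields a multisig signer actually commits to."""
    to: str
    value_wei: int
    data: bytes      # calldata (ERC-20 transfer, admin call, ...)
    operation: int   # OP_CALL or OP_DELEGATECALL
    nonce: int


def canonical_hash(wallet: str, tx: TxRequest) -> str:
    """Deterministic digest of the raw request (stand-in for the EIP-712 hash).

    A signer computes this from the fields it received over the signing
    channel, never from what the front end renders.
    """
    parts = [wallet.lower(), tx.to.lower(), str(tx.value_wei),
             tx.data.hex(), str(tx.operation), str(tx.nonce)]
    return hashlib.sha256("|".join(parts).encode()).hexdigest()


def policy_findings(wallet: str, whitelist: set[str], tx: TxRequest) -> list[str]:
    """Return human-readable policy violations for a request (empty = clean)."""
    findings = []
    if tx.to.lower() == wallet.lower():
        # A call to the wallet itself is how owners, threshold or the proxy
        # implementation get changed; it must never ride through the normal
        # withdrawal flow, whatever the UI labels it.
        findings.append("self-call: transaction targets the wallet contract itself "
                        "(owner/threshold/implementation change)")
    elif tx.to.lower() not in {a.lower() for a in whitelist}:
        findings.append(f"destination {tx.to} is not on the whitelist")
    if tx.operation == OP_DELEGATECALL:
        findings.append("DELEGATECALL: foreign code would run in the wallet's storage context")
    return findings


def should_sign(wallet: str, whitelist: set[str], tx: TxRequest,
                ui_hash: str) -> tuple[bool, list[str]]:
    """Decide whether to release a signature for `tx`.

    `ui_hash` is what the signing front end shows the operator; a hijacked UI
    that displays a benign transfer while submitting a different request
    produces a mismatch here.
    """
    findings = policy_findings(wallet, whitelist, tx)
    if ui_hash.lower() != canonical_hash(wallet, tx):
        findings.append("hash mismatch: UI shows a different transaction than the one being signed")
    return (not findings, findings)


# Constructed sample requests.
LEGIT_TX = TxRequest(to="0xaaaa000000000000000000000000000000000001", value_wei=10**18,
                     data=b"", operation=OP_CALL, nonce=41)
# Self-call carrying an admin payload; the selector bytes are a placeholder.
UPGRADE_TX = TxRequest(to=WALLET, value_wei=0, data=bytes.fromhex("deadbeef") + b"\x00" * 32,
                       operation=OP_CALL, nonce=41)


if __name__ == "__main__":
    # Honest UI: displayed hash matches the raw request.
    print(should_sign(WALLET, WHITELIST, LEGIT_TX, canonical_hash(WALLET, LEGIT_TX)))
    # Hijacked UI: operator sees the legit transfer, raw request is the upgrade.
    print(should_sign(WALLET, WHITELIST, UPGRADE_TX, canonical_hash(WALLET, LEGIT_TX)))
```

The second call models the scenario in the text: the operator is shown the benign transfer, but the request presented for signature is the implementation change. Even if the hash comparison were skipped, the self-call rule alone rejects it, which is why the policy check belongs with every signer and the custodian, not only in the front end that proposes transactions.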
Liminal Custody has insisted that its platform remains secure, with its preliminary investigations showing that one of the self-custody multisig smart contract wallets created outside of the Liminal ecosystem was compromised:
“We can confirm that Liminal’s platform is not breached, and Liminal’s infrastructure, wallets, and assets continue to remain safe.”
North Korean Involvement Suspected
A number of analysts believe that North Korean hackers may be responsible for the incident, adding a layer of geopolitical intrigue to an already complex situation.
Blockchain forensics firm Elliptic previously stated that data pointed toward North Korean involvement, explaining:
“The North Korea attribution is based on analysis of the onchain transactional behavior and other information. There are certain patterns and techniques that are characteristic of this type of actor.”
Onchain investigator ZachXBT added:
“This is where my tracing ends as the BTC appears to come from an unknown service making it difficult to trace. All I can say is the WazirX hack has the potential markings of a Lazarus Group attack (yet again).”
https://twitter.com/zachxbt/status/1813896375597490177
Moreover, in the wake of the hack, the cryptocurrency market experienced significant turbulence. Over $100 million worth of SHIB tokens were taken during the hack, causing the price of the popular meme coin to plummet by 10%.
Blockchain analysis platform Lookonchain reported on July 19, one day after the hack, that the attackers had already begun swapping SHIB assets for ETH, selling 35 billion SHIB tokens worth $618,000. At the time, the exploiter had exchanged most of the assets for 43,800 ETH ($149.46 million) and held a total of 59,097 ETH ($201.67 million).
WazirX has taken swift action to mitigate the damage and recover stolen funds. The exchange has filed an official police complaint and is pursuing additional legal actions.
It has reported the incident to the Financial Intelligence Unit and the Indian Computer Emergency Response Team and is contacting over 500 exchanges to block the identified addresses.
The exchange stated:
“Many exchanges are cooperating with us, and we are actively working with them on additional resources to aid our recovery efforts.”
Commentary
- Security Breach Impact: The massive hack on WazirX has significant implications for the security and trustworthiness of crypto exchanges in India, highlighting the need for improved security measures.
- Regulatory Implications: The incident may prompt stricter regulations and compliance requirements for crypto exchanges in India, aiming to protect investors and prevent future breaches.
- Market Impact: The theft of large amounts of cryptocurrency and the subsequent conversion to ETH have caused market turbulence, affecting the prices of multiple tokens.
- North Korean Involvement: The suspected involvement of North Korean hackers adds a geopolitical dimension to the hack, emphasizing the global nature of cybersecurity threats.
- Future Measures: WazirX’s response, including legal actions and cooperation with other exchanges, aims to recover stolen funds and prevent similar incidents in the future.