WazirX, a prominent cryptocurrency exchange, recently experienced a sophisticated cyber attack on its multi-signature Ethereum wallet. The attack, which took place earlier this month, raised significant concerns within the crypto community. Although the exchange initially attributed the hack to an issue with its custody service provider, Liminal, subsequent investigations revealed a more complex scenario.
The preliminary investigation conducted by WazirX did not uncover any evidence of compromise on the machines of WazirX signers. The exchange highlighted the fact that their ongoing forensic analysis did not detect any malware or tampering on the signers’ devices. However, the attack involved legitimate signatures, pointing to a potential breach within Liminal’s system.
WazirX outlined two possible scenarios that could explain the breach. The first scenario involves a breach within Liminal’s infrastructure, where malicious transactions were received directly from Liminal due to a compromise of their system. The absence of new connection requests to hardware wallets and the use of whitelisted addresses make this scenario more likely. The second scenario entails a compromise of WazirX signers’ devices by malware, but no conclusive evidence has been found to support this theory.
The cyber attack on WazirX resulted in the theft of roughly 45% of the crypto held by the exchange, leading to a temporary halt in operations. Despite the severity of the breach, the exchange assured users that their fiat currency deposits remained secure. WazirX is working closely with relevant authorities to find a viable solution and plans to resume services once the issue is resolved. The exchange is also exploring potential partnerships to compensate affected customers.
Cybersecurity experts have raised concerns about the possible involvement of the North Korean Lazarus Group in the WazirX hack. The Lazarus Group is notorious for its advanced cyber attacks on financial institutions and crypto exchanges. The incident underscores the growing challenges of securing multi-signature wallets, particularly the risks associated with blind signing, where transaction details are not displayed on hardware wallets.
WazirX emphasized that the malicious transactions did not originate from its servers, pointing to a potential breach of Liminal’s security protocols. The exchange has implemented industry-standard best practices, such as verifying website URLs, using reputable platforms, and employing multi-factor authentication. The incident serves as a reminder of the importance of continual vigilance and proactive security measures in safeguarding cryptocurrency assets.
The security breach at WazirX underscores the evolving nature of cyber threats facing cryptocurrency exchanges. While the exchange has taken steps to investigate the incident and enhance its security measures, the incident highlights the need for ongoing vigilance and collaboration within the crypto community to safeguard against future attacks.
