Crypto News

Indian Exchange WazirX’s Multisig Wallet Hacked, $231M Stolen

The Indian cryptocurrency exchange WazirX has reportedly suffered a major security breach, with its multisig wallet suspected to be compromised.

Over 200 tokens were stolen, resulting in a total loss of approximately $231 million.

Some of the stolen funds from WazirX were traced to ChangeNOW and Binance. The deposit address of the exploiter at Binance is 0xf92949ab576ac2f8dc9e4650e73db083f1f9cd9f.

The attack appears to have been executed by an attacker who obtained the admin signature data from WazirX’s multisig wallet. The attacker then modified the wallet’s logic contract, making the wallet execute incorrect logic to steal assets. The attacker’s address is identified as 0x6eedf92fb92dd68a270c3205e96dccc527728066.

The attacker deployed an attack contract at address 0x27fd43babfbe83a81d14665b1a6fb8030a60c9b4. This contract’s function was to withdraw specified token assets from it. By obtaining signature data from the WazirX multisig wallet, the attacker modified the wallet’s logic contract to the pre-deployed attack contract.

Subsequently, the attacker submitted a token withdrawal transaction to the WazirX multisig wallet. Due to the proxy pattern mechanism, the wallet contract used delegatecall to call the relevant functions of the attack contract, effectively transferring the wallet’s tokens to the attacker.

Affected Tokens From WazirX Recent Hack

The stolen assets include significant amounts of various tokens:

  • 5.43 trillion SHIB ($102 million)
  • – 15,298 ETH ($52.5 million)
  • – 20.5 million MATIC ($11.24 million)
  • – 640.27 billion PEPE ($7.6 million)
  • – 5.79 million USDT
  • – 135 million GALA ($3.5 million)

This incident has raised serious concerns about the security of multisig wallets and the vulnerabilities that can be exploited by sophisticated attackers. WazirX is currently investigating the breach and working with authorities and other exchanges to trace and recover the stolen funds.

The cryptocurrency community is urged to stay vigilant and take necessary precautions to protect their assets in light of this significant breach.

Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services.

Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news!

Image Source: Max Bender/Unsplash // Image Effects by Colorcinch

Leave a Comment

Your email address will not be published. Required fields are marked *

*