In a major cyberattack that has made headlines this year, WazirX, a cryptocurrency exchange based in India, has suffered a loss of over $230 million from a multisig wallet. The attack targeted one of WazirX’s multisig wallets, which has been utilizing Liminal’s digital asset custody and wallet infrastructure since February 2023. The wallet, which had six signatories – one from Liminal and five from WazirX – was designed to ensure secure transactions through multiple approvals.
The breach of the wallet occurred as a result of discrepancies between the data displayed on Liminal’s interface and the actual transaction contents. During the attack, the payload was manipulated, allowing the hacker to take control of the multisig wallet and steal the funds held within it. Despite the implementation of security measures such as the Gnosis Safe multisig smart contract platform and a whitelisting policy, the attack managed to exploit these defenses.
Liminal Custody, in a statement to Cointelegraph, confirmed that their platform was not breached and reassured users that their assets, wallets, and infrastructure remain secure.
The incident has shed light on the regulatory challenges faced by the cryptocurrency industry in India. Joanna Cheng, associate general counsel at Fireblocks, highlighted the absence of specific guidelines for security measures, risk management, and consumer protection in the country’s regulatory framework. Indian Prime Minister Narendra Modi addressed this issue at the G20 Summit in August 2023, calling for a global crypto framework to address the global impact of emerging technologies like blockchain and cryptocurrencies.
In response to the attack, WazirX issued a statement on July 18, providing details of the incident and assuring stakeholders that efforts are underway to recover the stolen assets. The company described the attack as a “force majeure event” and explained that despite taking all necessary precautions to protect customer assets, the theft still occurred. WazirX is currently collaborating with cybersecurity teams to locate and retrieve the funds and has promised to keep the community informed through further updates.
The WazirX hack has revealed that the hackers had prepared for the attack for eight days prior to its execution and had deceived others by creating counterfeit fiat currency for USDT, as reported by Asia Express.