During a recent hack of India-based crypto exchange WazirX, a total of $235 million was lost in what was described as a breach on the exchange’s network. Multiparty computation (MPC) wallet provider Liminal, whose infrastructure remained safe during the incident, provided a detailed post-mortem report on July 19. The report clarified that the breach was due to compromised devices within WazirX’s network and not the fault of Liminal’s user interface.
According to Liminal’s report, the hack occurred because three of WazirX’s devices were compromised, allowing the attacker to exploit the multi-signature wallet system set up by Liminal. The attacker manipulated legitimate transaction details provided by the compromised devices to initiate fraudulent transactions and transfer funds from the multisig wallet to their own Ethereum account. Liminal refuted WazirX’s claims that its servers caused incorrect information to be displayed, asserting that the compromised devices were responsible for sending malicious payloads.
While the post-mortem report sheds light on the sequence of events that led to the breach, it leaves some critical questions unanswered. One of the key questions is how the attacker initially gained access to the three WazirX devices. Liminal suggested that a sophisticated man-in-the-middle (MITM) attack or similar client-side compromise may have been responsible for the breach. This raises concerns about the overall security of WazirX’s network infrastructure and the potential vulnerabilities that were exploited by the attacker.
Response and Legal Actions
In response to the hack, WazirX stated that it has reached out to law enforcement and is pursuing additional legal actions to address the breach. The immediate plan of action is to trace the stolen funds and conduct a deeper analysis of the incident in collaboration with forensic experts to recover the customer funds. This proactive approach is essential in mitigating the impact of the hack and restoring trust in the exchange’s security measures.
The recent hack on WazirX serves as a stark reminder of the vulnerabilities that exist in the cryptocurrency industry and the importance of implementing robust security measures to protect user funds. It also highlights the need for increased transparency and cooperation between exchanges, wallet providers, and law enforcement agencies to prevent and mitigate such incidents in the future. By learning from this breach and taking proactive steps to enhance security protocols, crypto exchanges can better safeguard the assets of their users and preserve the integrity of the industry as a whole.