WazirX Hacked: Exchange Blames Liminal’s Infrastructure for $230 Million Heist
In a shocking turn of events, Indian crypto exchange WazirX has been the victim of a massive hack, with attackers draining over $230 million (roughly Rs. 1,924 crore) from one of its multi-signature wallets. The exchange has launched an internal probe and has claimed that its own signers’ machines were not compromised in the attack.
According to WazirX, the hack was facilitated through Liminal’s infrastructure, which failed to screen non-whitelisted addresses and prevent withdrawals. The exchange has alleged that Liminal’s multi-party computation (MPC) wallet was compromised, allowing the hackers to drain the funds.
In a blog post, WazirX noted that the attack involved the flow of transactions through Liminal’s infrastructure, and that the malicious transaction was not sent to any of the destination addresses in the whitelisted addresses, which should have been prevented by Liminal’s firewall and whitelist policy.
The exchange has also denied social media claims that it signed any suspicious transactions eight days before the hack, which might have set the stage for the attack. As part of its preliminary investigation, WazirX has not been able to find any malicious malware on its systems.
WazirX has paused all trading, deposit, and withdrawal services from its platform and is working with law enforcement agencies to get to the bottom of the attack. The exchange has also launched a bounty programme, offering $23 million (roughly Rs. 192 crore) in White Hat Bounty to the hacker for returning the stolen funds, as well as USDT worth $10,000 (roughly Rs. 8.3 lakh) to those who can help identify the stolen funds and freezing them.
Indian Web3 analysts suspect that North Korea’s infamous Lazarus Group could be responsible for facilitating this sophisticated attack, but confirmation is still awaited. The hacker stole the amount through a total of 203 crypto assets, including Ether, Tether, Pepecoin, Gala, Polygon, and Shiba Inu among others, and WazirX is reaching out to the teams managing these cryptocurrencies asking for assistance in tracing the funds.
The Indian government, including the Finance Ministry, has remained silent on the hack, which has put funds worth over $230 million in jeopardy. WazirX has sounded an alert to the Central Bureau of Investigation (CBI), which also trusts Liminal to hold crypto assets seized during investigations.
The incident has sent shockwaves through the crypto community, highlighting the importance of robust security measures and the need for increased cooperation between exchanges and law enforcement agencies to combat cybercrime.
