WazirX Confirms $230 Million Hack, Dispels Misinformation on Timeline

Coinedition, 2024/07/25 17:19
By: Maxwell Mutuma
  • The WazirX breach happened on July 18, not earlier; misinformation about a breach 8 days prior is incorrect.
  • Attackers upgraded WazirX’s multi-sig wallet to a malicious version, draining over $230M USD.
  • Phishing likely occurred via compromised wallets or custody systems, not a UI breach.

Confusion and misinformation initially surrounded the WazirX hack, but it is now confirmed that hackers stole over $230 million from the cryptocurrency exchange on July 18th by compromising the platform’s multi-signature wallet.

Contrary to early reports, this was not an extended breach but a sophisticated, well-planned attack, raising alarms about the vulnerability of digital assets to increasingly sophisticated cyberattacks.

The incident involved the compromise of WazirX’s multi-signature wallet, secured by four signers from two companies. Attackers exploited vulnerabilities by upgrading the wallet to a malicious version, enabling them to drain over $230 million.

Speculation that the breach happened eight days prior was in fact false. Hackers had practiced their attack on non-WazirX contracts before targeting the actual wallet. Therefore, any claims suggesting an extended period of breach were unfounded. The real attack happened on July 18, as confirmed by WazirX CEO Nischal Shetty.

The methodical attack suggests a highly organized group, possibly linked to North Korea. The hackers did not immediately drain funds but instead practiced their approach, indicating a strategic methodology. This was crucial as they needed to compromise two of four private keys and use phishing for the rest.

Phishing likely succeeded through a compromised wallet or a breach of custody providers’ systems. The attackers obtained signatures by deceiving two of the four signers, tricking them into authorizing what appeared to be routine transactions. With these signatures, they upgraded the wallet to a malicious contract, enabling them to move funds.

Current theories suggest a breach of WazirX laptops is more plausible than a compromise of the custody UI. That is because the UI typically does not handle payload generation or validation, which are backend processes. Both WazirX and Liminal Custody have been actively analyzing the breach, and have sought external expertise.
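The gap described above, where signers approve what is displayed rather than what is encoded, can be checked on the signer's side before a key is used. The following is an added example, not code from the article, WazirX or Liminal Custody: it assumes the routine transaction is an ERC-20 `transfer(address,uint256)` call, and the `Intent` structure, helper names and all addresses are hypothetical, constructed values.

```python
from dataclasses import dataclass

ERC20_TRANSFER = bytes.fromhex("a9059cbb")  # selector of transfer(address,uint256)

@dataclass(frozen=True)
class Intent:
    """What the signing screen claims the transaction does (hypothetical structure)."""
    token: str      # contract the call should be sent to
    recipient: str  # displayed destination address
    amount: int     # displayed amount in the token's base units

def check_payload(intent: Intent, to: str, value: int, data: bytes) -> list:
    """Compare the raw transaction with the displayed intent; [] means they match."""
    problems = []
    if to.lower() != intent.token.lower():
        problems.append("call target is not the displayed token contract")
    if value != 0:
        problems.append("a token transfer should carry no native value")
    if data[:4] != ERC20_TRANSFER:
        problems.append("selector 0x%s is not transfer(address,uint256)" % data[:4].hex())
        return problems  # arguments of an unknown function cannot be interpreted
    if len(data) != 4 + 32 + 32:
        problems.append("calldata length does not fit transfer(address,uint256)")
        return problems
    # ABI encoding: one 32-byte word per argument; an address is left-padded with zeros.
    if data[4:16] != bytes(12):
        problems.append("address argument has non-zero padding")
    recipient = "0x" + data[16:36].hex()
    amount = int.from_bytes(data[36:68], "big")
    if recipient != intent.recipient.lower():
        problems.append("recipient %s differs from the displayed one" % recipient)
    if amount != intent.amount:
        problems.append("amount %d differs from the displayed one" % amount)
    return problems

# Constructed sample values (not from the incident).
TOKEN, DEST, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
INTENT = Intent(token=TOKEN, recipient=DEST, amount=1_000_000)

def encode_transfer(recipient: str, amount: int) -> bytes:
    """Build transfer() calldata for the samples below."""
    return ERC20_TRANSFER + bytes(12) + bytes.fromhex(recipient[2:]) + amount.to_bytes(32, "big")

ROUTINE = encode_transfer(DEST, 1_000_000)
# Same displayed intent, but the bytes call an unrelated function on another contract.
DISGUISED = bytes.fromhex("deadbeef") + bytes(32)

if __name__ == "__main__":
    print(check_payload(INTENT, TOKEN, 0, ROUTINE))
    print(check_payload(INTENT, OTHER, 0, DISGUISED))
```

The check is only meaningful when it runs on a device independent of the one that generated the payload, since a compromised laptop can alter both the display and the bytes.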
