
WazirX Loses $230 Million in Suspected DPRK Hack


The attack that caused WazirX, the largest crypto exchange in India, to lose more than $230 million has been attributed to North Korea-based actors by cybersecurity firm Elliptic.

Meanwhile, WazirX has published its own analysis of the exploit in a July 18 preliminary incident report and on Friday morning wrote on Twitter that it has filed a police report.

WazirX explained in its report that the incident saw one of the firm’s multi-signature wallets send funds to a non-whitelisted address. The firm says this happened because a whitelisted address was shown on the interface of multi-signature asset custody platform Liminal, even though the funds were really being sent to a different address.

📢 Update: In response to the cyber attack, we have filed a police complaint and are pursuing additional legal actions. We will keep the community updated as we proceed.

» Immediate Actions: We have reported the incident to the Financial Intelligence Unit (FIU) and CERT-In.…

— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 19, 2024

According to the Liminal team, WazirX’s multi-sig wallets were created “outside of the Liminal ecosystem.” In its own report on Twitter, the team said that “Liminal’s platform is not breached and Liminal’s infrastructure, wallets and assets continue to remain safe.”

This seems to suggest that the client device used to access Liminal’s multi-signature asset management platform might have been breached in order to display an address different than the one it should have. Still, WazirX claims that the “whitelisted addresses were earmarked and facilitated on the interface by Liminal.”

Update: Our preliminary investigations show that one of the self custody multi-sig smart contract wallets created outside of the Liminal ecosystem has been compromised. We can confirm that Liminal’s platform is not breached and Liminal’s infrastructure, wallets and assets…

— Liminal Custody🚀 (@liminalcustody) July 18, 2024

WazirX wrote in its report that the attack stemmed from “a discrepancy between the data displayed on Liminal’s interface and the transaction’s actual contents.” The crypto exchange says it witnessed a mismatch between the information displayed on Liminal’s interface and what was actually signed.

“We suspect the payload was replaced to transfer wallet control to an attacker,” WazirX wrote.
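The mismatch WazirX describes is one a signer can catch by decoding the raw payload independently and comparing it with what the approval interface displays. The Python below is an added example, not code from WazirX, Liminal or Decrypt; it assumes the payload is a plain ERC-20 `transfer` call and rejects anything else, and its function names and sample addresses are constructed for illustration.

```python
# Added illustration (not from WazirX or Liminal): compare what an approval
# screen displays with what the raw payload would actually do.
TRANSFER_SELECTOR = "a9059cbb"  # selector of ERC-20 transfer(address,uint256)

def encode_transfer(to, amount):
    """Build transfer calldata; used here only to construct sample inputs."""
    return "0x" + TRANSFER_SELECTOR + to.lower()[2:].rjust(64, "0") + format(amount, "064x")

def decode_transfer(calldata_hex):
    """Return (recipient, amount) for a plain transfer, else raise ValueError."""
    data = calldata_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) != 8 + 64 + 64 or any(c not in "0123456789abcdef" for c in data):
        raise ValueError("malformed calldata")
    if data[:8] != TRANSFER_SELECTOR:
        raise ValueError("unexpected function selector " + data[:8])
    addr_word, amount_word = data[8:72], data[72:]
    if addr_word[:24] != "0" * 24:
        raise ValueError("non-zero padding in address word")
    return "0x" + addr_word[24:], int(amount_word, 16)

def verify_before_signing(calldata_hex, shown_to, shown_amount, whitelist):
    """Return a list of problems; an empty list means payload matches display."""
    try:
        to, amount = decode_transfer(calldata_hex)
    except ValueError as exc:
        return ["payload rejected: " + str(exc)]
    problems = []
    if to != shown_to.lower():
        problems.append("recipient differs from display: " + to)
    if to not in {a.lower() for a in whitelist}:
        problems.append("recipient not whitelisted: " + to)
    if amount != shown_amount:
        problems.append("amount differs from display: " + str(amount))
    return problems

# Constructed sample addresses, not taken from the incident.
WHITELISTED = "0x" + "11" * 20
OTHER = "0x" + "22" * 20

if __name__ == "__main__":
    print(verify_before_signing(encode_transfer(WHITELISTED, 1000), WHITELISTED, 1000, [WHITELISTED]))
    print(verify_before_signing(encode_transfer(OTHER, 1000), WHITELISTED, 1000, [WHITELISTED]))
    print(verify_before_signing("0x12345678" + "00" * 64, WHITELISTED, 1000, [WHITELISTED]))
```

The check is only meaningful when it runs on a device and code path separate from the interface whose display is being verified.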

The exchange seems to be suggesting a failure on the custody service provider’s part in approving a transaction from the multisignature address that went to a non-whitelisted address. Still, Liminal’s report suggests that the multisignature wallet itself was compromised and that it was created outside the firm’s purview, which could put the responsibility solely on the exchange.

Neither WazirX nor Liminal immediately responded to a request for comment from Decrypt.

Elliptic estimates the loss to be about $235 million, composed of more than 200 different assets. That includes about $97 million worth of Shiba Inu (SHIB), $52.6 million worth of Ethereum (ETH), $11 million of Polygon (MATIC), and $7.6 million of Pepe (PEPE).

A portion of those assets were already swapped for ETH using a number of decentralized exchanges, an expected first step in laundering hack proceeds. “On-chain analysis and other information reviewed by Elliptic indicates that this hack was perpetrated by hackers affiliated with North Korea,” Elliptic wrote.

DPRK Special Representative of the Foreign Ministry Alejandro Cao de Benos de Les Perez did not immediately respond to a request for comment from Decrypt.

Edited by Stacy Elliott.






Source: https://decrypt.co/240604/wazirx-loses-230-million-in-suspected-dprk-hack
