Was North Korea Behind The $235M Exploit?

India-based cryptocurrency exchange WazirX recently fell victim to a significant security breach that resulted in the unauthorized transfer of over $230 million of assets. The incident led to the temporary suspension of withdrawals while the exchange investigated and worked to mitigate the breach.

In a subsequent report released by WazirX, preliminary findings shed light on the causes of the exploit. At the same time, blockchain analytics firm Elliptic suggested the potential involvement of North Korea in this sophisticated attack.

WazirX Multisig Wallet Breach

WazirX disclosed that the cyber attack targeted one of its multisig wallets, which had used Liminal’s digital asset custody and wallet infrastructure since February 2023.

The wallet allegedly had a configuration involving six signatories, including five from the WazirX team and one from Liminal, who were responsible for transaction verifications. 

A transaction required approval from three WazirX signatories, who employed Ledger hardware wallets for added security, followed by the final approval from Liminal’s signatory.

Additionally, a whitelisting policy was in place to “enhance security,” allowing transactions solely to predefined addresses facilitated by Liminal.

The exchange further disclosed that the breach originated from a “discrepancy” between the data displayed on Liminal’s interface and the actual contents of the transaction. 

The exchange notes a “mismatch” during the attack between the information displayed on Liminal’s interface and what was actually signed. It suspects that the payload was manipulated to transfer control of the wallet to the attacker, enabling them to exploit the vulnerability.
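A mismatch of this kind is why signers decode the payload independently of the custody interface before approving it. The Python below is an added example, not WazirX's or Liminal's code: it assumes the displayed action is an ERC-20 transfer, and the class names, addresses and amounts are constructed for illustration.

```python
from dataclasses import dataclass

ERC20_TRANSFER = bytes.fromhex("a9059cbb")  # selector of transfer(address,uint256)
OP_CALL = 0  # Safe `operation` field: 0 = Call, 1 = DelegateCall

@dataclass
class Displayed:  # what the interface shows the signer (hypothetical shape)
    token: str
    recipient: str
    amount: int

@dataclass
class Payload:  # the transaction fields actually presented for signing
    to: str
    value: int
    data: bytes
    operation: int

def transfer_calldata(recipient, amount):
    """ABI-encode transfer(recipient, amount); used to build the sample payloads."""
    return ERC20_TRANSFER + bytes(12) + bytes.fromhex(recipient[2:]) + amount.to_bytes(32, "big")

def mismatches(shown, payload, whitelist):
    """Decode the payload without trusting the UI and list every disagreement."""
    problems = []
    if payload.operation != OP_CALL:
        problems.append("operation is not a plain call")
    if payload.to.lower() != shown.token.lower():
        problems.append("target contract differs from displayed token")
    if payload.value != 0:
        problems.append("unexpected native value attached")
    d = payload.data
    if len(d) != 68 or d[:4] != ERC20_TRANSFER or any(d[4:16]):
        problems.append("calldata is not a well-formed ERC-20 transfer")
        return problems  # nothing further can be decoded safely
    recipient, amount = "0x" + d[16:36].hex(), int.from_bytes(d[36:68], "big")
    if recipient != shown.recipient.lower():
        problems.append("recipient differs from display")
    if amount != shown.amount:
        problems.append("amount differs from display")
    if recipient not in {a.lower() for a in whitelist}:
        problems.append("recipient not on whitelist")
    return problems

# Constructed sample data (not real addresses or transactions).
TOKEN, DEST, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
SHOWN = Displayed(TOKEN, DEST, 1000)
GOOD = Payload(TOKEN, 0, transfer_calldata(DEST, 1000), 0)
SWAPPED = Payload(TOKEN, 0, transfer_calldata(OTHER, 1000), 0)     # recipient changed
REPLACED = Payload(OTHER, 0, bytes.fromhex("deadbeef") + bytes(32), 1)  # different call

if __name__ == "__main__":
    for name, p in (("good", GOOD), ("swapped", SWAPPED), ("replaced", REPLACED)):
        print(name, mismatches(SHOWN, p, [DEST]) or "matches display")
```

The check is only useful when it runs on a device or host that does not share the interface's data path, so that a tampered display cannot also tamper with the comparison.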

North Korean Affiliation In $235M Breach?

WazirX emphasized its implementation of “robust” security measures, including the Gnosis Safe multisig smart contract platform and Liminal’s whitelisting policy. Despite these precautions, the attackers managed to breach the security features and execute the theft.

Looking ahead, the exchange expressed its commitment to protecting customer assets and acknowledged the need for further investigation and reinforcement of security protocols. The exchange concluded by stating the following:

This is a force majeure event beyond our control, but we are leaving no stone unturned to locate and recover the funds. We have already blocked a few deposits and reached out to…

Click Here to Read the Full Original Article at NewsBTC…