WazirX Hit With Security Breach With $234.9 Million Said to Be at Stake; Withdrawals, Deposits Halted
As per Cyvers, the address to which funds from WazirX were moved has already managed to swap PEPE, GALA, and USDT tokens to Ether.
Photo Credit: / WazirX
WazirX has not yet commented on the safety of user funds saved on the platform
Highlights
- WazirX was founded in March 2018
- The sum has reportedly been moved to an address linked to Tornado Cash
- WazirX’s latest proof of reserve showed total holdings at Rs. 4,203 crore
WazirX crypto exchange confirmed Thursday that one of its multi-signature wallets had suffered a security breach. The Indian exchange was first informed about a possible breach by security firm Cyvers Alerts through a post on X. Cyvers, in its post, noted that a sum of $234.9 million (roughly Rs. 1,965 crore) was suspiciously moved from the exchange to a new address linked to the controversial crypto mixer platform, Tornado Cash.
In an official statement addressing the incident, WazirX said: “We're aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident.” For now, WazirX has suspended all withdrawal and deposit services on its platform.
As per Cyvers, the address to which funds from WazirX were moved has already managed to swap PEPE, GALA, and USDT tokens to Ether. In a screenshot shared by the security firm, the malicious actor moved the hefty amount through three transactions, with exploit level showing as ‘critical’ on Cyvers’ software.
- How AppChains Could Transform Web3 and Blockchain Technology
:rotating_light:ALERT:rotating_light:Hey @WazirXIndia, Our system has detected multiple suspicious transactions involving your Safe Multisig wallet on the #ETH network.
A total of $234.9M of your funds have been moved to a new address. Each transaction’s caller is funded by @TornadoCash.
The suspicious… pic.twitter.com/4sajAwd4Hb— :rotating_light: Cyvers Alerts :rotating_light: (@CyversAlerts) July 18, 2024
Gadgets360 reached out to Cyvers to understand more about the breach and is yet to receive an explanation on how a multi-sig wallet became the hotspot for this attack in the first place. Multi-signature wallets require two or more private keys (signatures) from different co-signers to authorise a transaction.
WazirX has not yet commented on the safety of user funds saved on the platform despite several users asking about the same under the exchange's situation update on X. The crypto exchange is also yet to confirm the amount claimed to have been moved from its platform to the suspicious address.
- Why the Web3 Industry Is Asking the RBI to Define Crypto-Banking Relations
“Thank you for your patience and understanding. We'll keep you posted with further updates,” the platform noted.
User's funds are safe??
— Zia ul Haque (@ImZiaulHaque) July 18, 2024
As per its blog, WazirX has a userbase of over 16 million. Earlier in June 2024, the exchange had published its latest proof-of-reserve that showed its total holdings valued at Rs. 4,203 crore.
The report, at the time, had claimed that WazirX maintained a reserve-to-liabilities ratio exceeding 1:1 to meet withdrawal demands even in unforeseen circumstances
Affiliate links may be automatically generated – see our ethics statement for details.