Let’s explain the WazirX hack in simple terms using an everyday example:
Imagine a Bank Safe with Multiple Keys:
Let’s say there is a safe in a bank that holds valuable items (in this case, cryptocurrency). This safe requires three people (bank managers) to use their individual keys to unlock it. This is similar to how WazirX uses a multisignature (multisig) wallet, where multiple approvals (or signatures) are needed to transfer funds.
The Safe Upgrade:
One day, a group of clever robbers learns that this bank is planning to upgrade the safe, perhaps to make it more secure. The robbers find a way to sneak into the bank’s system and trick the bank into installing a fake upgrade. This fake upgrade doesn’t look suspicious to the managers. To them, it still looks like the same safe and operates as it should, but secretly, the robbers have made it so they can unlock the safe from the outside, without anyone noticing.
In WazirX’s case, this “fake upgrade” was an attacker who changed the smart contract (the digital lock on the cryptocurrency wallet). This trick allowed the attacker to take control of the wallet while making it appear normal to WazirX.
Approval of the Robbery:
Now, imagine the bank managers are asked to sign off on a transaction to transfer money from the safe to a specific account. The managers look at the transaction, and it seems perfectly legitimate. They recognize the account and the amount, so they approve it using their keys (or signatures).
In reality, though, the information they see has been tampered with. Even though it looks like the money is being sent to a trusted account, it’s actually going to the robbers. The robbers have managed to make it look like nothing unusual is happening.
In the WazirX hack, the attackers used “blind signing”. This means that when the WazirX managers (the signers) approved the transaction, they couldn’t see the full details of where the funds were going. The attackers took advantage of this blind spot and transferred the funds to themselves without raising any alarms.
What Happened Next:
Once the robbers got control of the safe, they drained 45% of the money inside. In WazirX’s case, this amounted to 45% of the cryptocurrency assets being stolen.
Why Didn’t Anyone Notice?
- The system WazirX used (through the external custody provider Liminal) was tricked into thinking everything was normal.
- The bank managers (or signers at WazirX) saw what they believed were legitimate requests.
- The robbers (hackers) used an advanced trick to hide the real destination of the money.
In simple terms, the hackers exploited a weakness in the way the wallet was upgraded, much like tricking a bank into installing a fake lock on its safe.
Summary:
- The safe = WazirX’s cryptocurrency wallet.
- The keys = Signatures needed to approve transactions.
- The fake upgrade = A smart contract manipulation by the attackers.
- The blind signing = The trick that made the WazirX managers approve the transaction without seeing the full details.
- The theft = The hackers secretly transferred a large portion of funds to themselves.
This hack was complex, and even though WazirX had security measures in place (just like the multiple managers with keys), the attackers found a way to bypass those protections.
The July 18, 2024, WazirX hack involved a sophisticated exploitation of a vulnerability within the platform’s smart contracts. Here’s a detailed explanation of how the attack occurred:
1. Multisig Wallet Setup:
WazirX utilized a multisignature (multisig) wallet managed by an external custody provider called Liminal. In a multisig wallet, multiple approvals (or signatures) are required to authorize a transaction. This system adds an extra layer of security, as no single individual can unilaterally move funds.
2. Smart Contract Exploitation:
The attackers leveraged smart contract vulnerabilities. On July 10, 2024, attackers created malicious smart contracts but did not immediately interact with WazirX’s systems. The key aspect of the hack was that the attackers successfully tricked WazirX’s custodial system into upgrading smart contracts that control the wallet. This upgrade allowed the attackers to gain administrative control over the funds in the wallet.
3. Approval of Malicious Transactions:
Through this smart contract upgrade, the attackers managed to redirect control of the multisig wallet without triggering any alarms on WazirX’s end. The attackers used legitimate whitelisted addresses and blind signing techniques, which means the actual destination of the funds was obscured to WazirX’s signatories. The signatories saw familiar token names like USDT (Tether) and destination addresses on their interface but did not realize that the contract had been manipulated.
4. Why Multisig Security Failed:
In this case, the blind signing vulnerability was exploited. Blind signing is a limitation where hardware wallets don’t display the full transaction details, such as the destination address or token specifics. Thus, WazirX’s signatories unknowingly signed off on the transfer of funds to the attackers. The exact mechanism that allowed the attack involved manipulating the information seen by WazirX’s signers through Liminal’s interface, which displayed only partial details of the transaction.
5. Potential Breach of Custodial System:
The attack most likely involved a breach of Liminal’s infrastructure. Although WazirX’s servers and systems were not compromised directly, the attackers managed to infiltrate Liminal’s custody interface, which facilitated the transaction. This allowed the attackers to bypass the multisig protections by executing the transaction as if it were legitimate.
6. Implications:
The attackers transferred a significant portion of WazirX’s crypto assets, which amounted to about 45% of its holdings. As of now, detailed forensic analyses are being conducted to understand whether this attack was a result of a malware infection on the signatories’ devices or a breach of Liminal’s custody infrastructure. Experts are also investigating the possibility that the Lazarus Group, known for its advanced cyberattacks on crypto exchanges, may be involved.
7. Why It Happened:
- The use of blind signing and reliance on external custody services created a vulnerability.
- The multisig system was not breached directly, but the custodial infrastructure was compromised.
- The attackers manipulated smart contracts in such a way that they gained control over the funds without raising immediate alarms.
In summary, the WazirX hack was a multi-layered attack that exploited vulnerabilities in smart contracts and custody systems, allowing the attackers to bypass multisig protections and drain a significant amount of funds from the exchange.
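As an added illustration of the blind-signing gap described in steps 3 and 4 (example code, not WazirX's or Liminal's), here is a signer-side check that decodes a proposed transaction's full calldata and compares it with what the custody interface displays, refusing anything it cannot fully decode. The selectors are the standard ERC-20 transfer(address,uint256) and proxy upgradeTo(address) ones; every contract, address and amount below is constructed for the example.

```python
from dataclasses import dataclass

TRANSFER_SELECTOR = "a9059cbb"  # keccak256("transfer(address,uint256)")[:4]
UPGRADE_SELECTOR = "3659cfe6"   # keccak256("upgradeTo(address)")[:4], standard proxy upgrade

@dataclass
class Proposal:
    to: str           # contract the multisig will call
    calldata: str     # hex, optional 0x prefix
    shown_token: str  # what the custody interface displays to the signer
    shown_dest: str

def decode_transfer(calldata: str):
    """Return (recipient, amount) for an ERC-20 transfer(address,uint256) call, else None."""
    data = calldata.lower().removeprefix("0x")
    if len(data) != 136 or data[:8] != TRANSFER_SELECTOR:
        return None
    recipient = "0x" + data[32:72]  # address is right-aligned in its 32-byte word
    return recipient, int(data[72:136], 16)

def review(p: Proposal, known_tokens: dict, whitelist: set) -> list:
    """Findings a signer must clear before approving; an empty list means display and bytes agree."""
    data = p.calldata.lower().removeprefix("0x")
    if data[:8] == UPGRADE_SELECTOR:
        return ["calldata is a proxy upgrade, not a token transfer"]
    decoded = decode_transfer(data)
    if decoded is None:
        return ["unrecognised function selector; refuse to blind-sign"]
    recipient, _amount = decoded
    findings = []
    if known_tokens.get(p.to.lower()) != p.shown_token:
        findings.append(f"target contract {p.to} is not the {p.shown_token} contract")
    if recipient != p.shown_dest.lower():
        findings.append(f"decoded recipient {recipient} differs from displayed {p.shown_dest}")
    if recipient not in whitelist:
        findings.append("decoded recipient is not on the whitelist")
    return findings

# Constructed sample values (not real contracts, addresses or amounts)
USDT, TREASURY, ATTACKER = ("0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20)
KNOWN_TOKENS, WHITELIST = {USDT: "USDT"}, {TREASURY}

def transfer_calldata(recipient: str, amount: int) -> str:
    return TRANSFER_SELECTOR + recipient[2:].rjust(64, "0") + format(amount, "064x")

LEGIT = Proposal(USDT, transfer_calldata(TREASURY, 10**6), "USDT", TREASURY)
# Same familiar token and destination on screen, but the bytes send funds elsewhere
SPOOFED = Proposal(USDT, transfer_calldata(ATTACKER, 10**6), "USDT", TREASURY)
UPGRADE = Proposal(USDT, UPGRADE_SELECTOR + ATTACKER[2:].rjust(64, "0"), "USDT", TREASURY)
```

Run `review(SPOOFED, KNOWN_TOKENS, WHITELIST)` to see the two findings a summary-only display would have hidden; `review(LEGIT, ...)` returns an empty list.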
WazirX, one of India’s largest cryptocurrency exchanges, suffered a cyberattack on July 18, 2024, leading to significant financial loss and user frustrations. Here’s a breakdown of what happened:
- Attack Method: The attackers exploited a vulnerability by upgrading smart contracts, gaining unauthorized control over WazirX’s funds. Although WazirX’s infrastructure wasn’t directly breached, the attack likely involved the external custody provider, Liminal, which manages multisig wallets for the platform.
- Impact: Approximately 45% of WazirX’s crypto assets were compromised, but INR balances were unaffected. WazirX users faced withdrawal restrictions, initially with only 66% of their funds accessible.
- Suspected Group: The attack bore the hallmarks of the notorious Lazarus Group, a well-known cybercriminal organization that has been linked to numerous sophisticated cyberattacks, including those on other crypto exchanges.
- Ongoing Investigation: WazirX is working with cybersecurity experts and law enforcement agencies to investigate the incident. They are focusing on improving security practices, especially around multisig Ethereum wallets, which are vulnerable to similar attacks.
The hack has caused significant concern among users, many of whom are uncertain about the recovery of their assets. WazirX is exploring legal protection options, though full recovery remains unlikely for many users.