Will investors get their money back?

WazirX Hack Update: On Thursday, July 18, 2024, India’s largest cryptocurrency exchange experienced a devastating security breach. The attack resulted in the loss of over $230 million worth of crypto assets. As a result, users of the cryptocurrency exchange were concerned about their holdings and whether the CEX would be able to recover the stolen funds.

WazirX Hack: What Exactly Happened?

WazirX announced via its social media platform X that one of its multisig wallets had been compromised. This wallet was secured using Liminal’s digital asset custody and wallet infrastructure, and had been operational since February 2023. The wallet required multiple signatories for transaction approval: three from the exchange and one from Liminal.

WazirX Wallet Breach Details, Source: Cyvers Alert | X

However, despite these security measures, attackers exploited a discrepancy between the data displayed on Liminal’s interface and the actual contents of the transaction. This allowed the attackers to replace the transaction payload, thereby taking control of the wallet.

The breach specifically targeted the Indian exchange’s Ethereum multisig wallet, affecting both Ethereum (ETH) and ERC-20 tokens. The attackers managed to directly steal 15,298 ETH. The exploiter then traded other assets such as Shiba Inu (SHIB), Polygon (MATIC) and Pepe Coin (PEPE) tokens, totaling 59,097 ETH, valued at $206.7 million at press time.
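
The display-versus-payload mismatch described above is the kind of gap an independent pre-signing check is meant to close. The following added Python example, which is not code from WazirX, Liminal or this article, decodes the raw calldata of an ERC-20 transfer and compares it with what the approver was shown; the field names, addresses and sample transactions are constructed assumptions.

```python
TRANSFER_SELECTOR = "a9059cbb"  # ERC-20 transfer(address,uint256)

def decode_erc20_transfer(calldata_hex):
    """Return (recipient, amount) from raw calldata, or raise ValueError
    if the payload is anything other than a plain ERC-20 transfer."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    int(data or "x", 16)  # raises ValueError on empty or non-hex input
    if data[:8] != TRANSFER_SELECTOR:
        raise ValueError("unexpected function selector 0x" + data[:8])
    if len(data) != 8 + 64 + 64:
        raise ValueError("unexpected calldata length")
    addr_word, amount_word = data[8:72], data[72:]
    if addr_word[:24] != "0" * 24:
        raise ValueError("address word is not zero-padded")
    return "0x" + addr_word[24:], int(amount_word, 16)

def check_before_signing(displayed, tx):
    """Compare what the approver was shown with what will actually be signed.
    Returns a list of mismatches; an empty list means the two agree."""
    problems = []
    if tx["to"].lower() != displayed["token_contract"].lower():
        problems.append("call target differs from displayed token contract")
    if tx.get("value", 0) != 0:
        problems.append("unexpected ETH value attached")
    try:
        recipient, amount = decode_erc20_transfer(tx["data"])
    except ValueError as err:
        problems.append("payload is not a plain transfer: %s" % err)
        return problems
    if recipient != displayed["recipient"].lower():
        problems.append("recipient differs from display")
    if amount != displayed["amount"]:
        problems.append("amount differs from display")
    return problems

# Constructed sample data (placeholder addresses, not taken from the incident).
TOKEN, PAYEE, OTHER = ("0x" + b * 20 for b in ("11", "22", "33"))
SHOWN = {"token_contract": TOKEN, "recipient": PAYEE, "amount": 1000}

def transfer_calldata(recipient, amount):
    return "0x" + TRANSFER_SELECTOR + recipient[2:].rjust(64, "0") + format(amount, "064x")

HONEST_TX = {"to": TOKEN, "value": 0, "data": transfer_calldata(PAYEE, 1000)}
# Same display, different payload: another target and a made-up selector.
SWAPPED_TX = {"to": OTHER, "value": 0, "data": "0xdeadbeef" + "00" * 32}

if __name__ == "__main__":
    for name, tx in (("honest", HONEST_TX), ("swapped", SWAPPED_TX)):
        print(name, check_before_signing(SHOWN, tx) or "OK to sign")
```

The check is only meaningful when it runs on a device and code path independent of the interface that rendered the transaction for the approver.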

WazirX Provides Update on Hack, Takes Immediate Action

In response to the breach, the exchange quickly suspended INR and cryptocurrency withdrawals to protect the remaining assets. It also filed a police complaint and reported the incident to the Financial Intelligence Unit (FIU) and CERT-In, India’s nodal agency responsible for responding to cyber incidents, and contacted over 500 exchanges to block the addresses identified as involved in the theft.

Multiple exchanges are reportedly cooperating with the investigation. Preliminary findings from the exchange and ongoing investigations suggest that this is a sophisticated cyberattack that exploited the interface and transaction verification process managed by Liminal.

WazirX and Liminal have both engaged in a blame game, each accusing the other of security breaches. Liminal maintains that its infrastructure was not compromised and has attributed the breach to vulnerabilities on the exchange’s side.

WazirX’s Recovery Efforts

The path to recovering the stolen funds is fraught with challenges. On-chain analytics firm Spot On Chain reported that the hacker’s Ethereum holdings have increased significantly following the liquidation of the stolen assets. In particular, the hacker used Tornado Cash, a mixing service, to mask the origin and destination of the funds. This complicates efforts to trace and recover the assets.

WazirX Hacker Wallet Overview, Source: Spot On Chain

In another update on the hack, WazirX said that it is working with forensic experts and law enforcement agencies to recover the stolen funds and identify the perpetrators. It has also received support from the crypto community, with several individuals and entities offering their help in the process of recovering the funds.

Despite these efforts, the nature of the cyberattack and the use of mixing services like Tornado Cash make recovering stolen assets a daunting task. However, the majority of the stolen funds, converted to Ethereum, still reside in the hacker’s wallet.

The embargo on these wallets by various cryptocurrency exchanges might have led to the stagnation of funds. This offers some hope for a successful recovery of the funds. However, if the hacker manages to transfer the ETH funds to Tornado Cash, the chances of a recovery might become slim.

Adding another layer of complexity to the situation, the notorious North Korean hacking group Lazarus is suspected of being behind the attack. This group has been linked to numerous high-profile cyberattacks targeting cryptocurrency exchanges and financial institutions around the world. If Lazarus is indeed involved, it underscores the sophisticated and international nature of the threat. This could further complicate recovery efforts.

Here’s What WazirX Investors Need to Know

For investors, the first concern is whether they will be able to get their money back. Here are the main factors that will influence the outcome:

1. Search and recovery efforts:

Successful forensic investigations and collaboration with law enforcement and other exchanges will be critical. Identifying fund flows and freezing or recovering assets requires advanced cybercrime techniques and international cooperation. Given that WazirX’s hack update indicates active involvement of the forensic team, there is a high chance that investors will be able to get their money back.

2. Community support:

Involving the entire crypto community, including exchanges and blockchain analytics companies, can significantly improve the chances of tracing and recovering stolen assets. Additionally, the Indian exchange has reached out to over 500 CEXs for cooperation, which could speed up recovery.

3. Legal actions:

The outcome of legal actions taken by the exchange, including filing a complaint with the police and reporting to regulators, will also play a crucial role. These actions can help apprehend the perpetrators and possibly recover some of the stolen funds.

4. Compensation plans:

In the event that the stolen funds cannot be fully recovered, the CEX may need to develop compensation plans for affected investors. This may involve using insurance policies, establishing a recovery fund, or other means to mitigate the impact on investors.

5. Use of Tornado Cash:

The famous crypto mixer was used by the WazirX exploiters. If they manage to transfer the stolen crypto assets to Tornado Cash, a recovery could be almost impossible. The exchange platform must therefore freeze the wallets of the exploiters and recover the funds before that happens.

6. Not an inside job:

Nischal Shetty, founder of WazirX, refuted the allegations that an insider was involved in the hack. If it was an inside job, recovery could have been much easier. However, the involvement of a sophisticated hacking group and platforms like Tornado Cash makes the task more difficult.

In a post on X, he clarified: “The cyberattack was driven by a discrepancy between the data displayed on the Liminal interface and the actual contents of the transaction. During the cyberattack, there was a mismatch between the information displayed on the Liminal interface and what was actually signed. We suspect that the payload was swapped to transfer control of the wallet to an attacker.”

Latest Update on WazirX Hack

In the latest update on the hack, the WazirX founder outlined a series of measures to address the breach and recover the stolen assets. Shetty took to X and informed the public about the steps taken by the exchange team. “We are preparing a bounty program to help us freeze/recover the stolen assets,” Shetty announced.

In addition, the exchange is in constant talks with several teams that claim to be experts in tracking the movement of funds. “We have informed all the other exchanges. Some have responded, some have not yet responded. We are following up. Their support in recovery will be crucial as the stolen funds move,” he added.

The exchange is also analyzing the data to fully understand the extent of damage caused by the attack and coordinating with law enforcement and regulators. “This is an unprecedented attack on one of the largest cryptocurrency exchanges in India. It has negatively impacted the entire Web3 ecosystem,” Shetty noted. He also expressed gratitude to the community for their support.

Shetty stressed the need for a collective effort from the Web3 ecosystem to navigate through this difficult time. “If we come together as an ecosystem, we can find a solution that will help us preserve the ethics of Web3 communities and bring hope to the future participants of this ecosystem,” he concluded.
