Indian crypto exchange WazirX exploited for over $230 million
Quick Take WazirX suffered an exploit resulting in the unauthorized transfer of over $230 million in crypto assets. The exploit targeted the exchange’s multisig wallet, the exchange confirmed.
Cryptocurrency exchange WazirX has suffered a wallet exploit, resulting in the unauthorized transfer of over $230 million worth of crypto assets.
The exploit targeted the exchange’s multisig wallet on the Ethereum network potentially as a result of a private key comprise and drained the funds. To carry out the attack, the perpetrator needed to upgrade the implementation of this Safe Wallet to a malicious contract, security firm Blocksec explained.
The exchange has acknowledged the incident, adding that it's still investigating the outflows and has paused all withdrawals. "We're aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused," WazirX said .
The compromised funds were moved to an address that has actively begun converting stolen assets, such as PEPE, GALA, and USDT, into ether.
"Looks there is a private key leakage in WazirX exchange. The leaked private keys are used to upgrade a safe multi-sig wallet, which holds a large number of assets, to a malicious contract. Then the malicious contract is used to drain most of the assets in the Safe Wallet," Yajin (Andy) Zhou, co-founder of Blocksec told The Block.
This is a developing story.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Bankrupt Cryptopia Exchange to Refund $225 Million to Its Clients
US approves dual ETFs based on Bitcoin and Ethereum
European Crypto Exchanges to Delist USDT by December 30
German Regulators Crack Down on Worldcoin Data Practices
The World Foundation is seeking clarity on whether its Privacy Enhancing Technologies (PETs) meet the EU’s standards for anonymization.