Beosin: The administrator's private key of the wazirx multi-signature wallet was leaked, resulting in the theft of assets
Beosin Alert monitoring and warning system discovered that the Indian exchange WazirX was attacked. The attacker obtained the signature data of the exchange's multi-signature wallet administrator and modified the wallet's logical contract to execute incorrect logic in order to steal assets. Based on the attacker's behavior, it is speculated that the reason for the attack was the leakage of the administrator's private key for the multi-signature wallet. Beosin's analysis of the attack is as follows:1. The attacker deployed an attack contract that extracts the specified token assets of this contract.2. The attacker obtained the signature data of the WazirX multi-signature wallet administrator and modified the wallet's logical contract to the already deployed attack contract.3. The attacker submitted a token withdrawal transaction to the WazirX multi-signature wallet. Due to the mechanism of the proxy mode, the wallet contract will use delegatecall to call the relevant functions of the attack contract, transferring the wallet tokens.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Bankrupt Cryptopia Exchange to Refund $225 Million to Its Clients
US approves dual ETFs based on Bitcoin and Ethereum
European Crypto Exchanges to Delist USDT by December 30
German Regulators Crack Down on Worldcoin Data Practices
The World Foundation is seeking clarity on whether its Privacy Enhancing Technologies (PETs) meet the EU’s standards for anonymization.