July 22, 2024
By Anjali Kochhar
WazirX, an Indian cryptocurrency exchange, suffered a serious security breach where hackers stole funds worth over $230 million by taking advantage of a multisignature wallet. WazirX has stopped withdrawals until it looks into the matter because of the large attack, which has sparked worries about the safety of cryptocurrency holdings on the platform.
The breach involved unauthorised transfers from one of WazirX’s multisig wallets to an unknown address identified as “0x04b2,” according to blockchain tracking platform Lookonchain. The compromised wallet held a variety of digital assets, including Shiba Inu (SHIB), Pepe Coin (PEPE), Ethereum (ETH), and Polygon (MATIC). In response, WazirX has temporarily paused INR and crypto withdrawals to protect users’ assets and is actively working to address the situation.
The stolen assets have been swiftly liquidated by the hackers. Reports indicate that the wallet has offloaded approximately 640.27 billion PEPE tokens, valued around $7.6 million. Additionally, significant amounts of other cryptocurrencies were transferred, including 20.5 million MATIC tokens worth $11.2 million, 5.4 trillion SHIB tokens valued at $102.1 million, and 15,298 ETH, which is equivalent to $52.5 million. These transactions have heightened user anxiety over the safety of their funds.
On July 18, 2024, Cyvers Alert detected suspicious transactions involving WazirX’s Safe Multisig wallet on the Ethereum blockchain. These transactions, totaling about $234.9 million, were flagged due to their association with Tornado Cash, a decentralized protocol known for enhancing privacy in transactions. The use of Tornado Cash complicates efforts to trace the origins and destinations of the stolen funds.
The hackers have since converted a substantial portion of the stolen assets into Ethereum, with notable swaps including Tether (USDT), Pepe Coin, and Gala (GALA). The new address holding these assets also shows a diverse portfolio, including $4.7 million in Floki (FLOKI), $3.2 million in Fantom (FTM), $2.8 million in Chainlink (LINK), and $2.3 million in Fetch.ai (FET).
The involvement of Tornado Cash underscores challenges in tracking and regulating funds within decentralised finance (DeFi) ecosystems. This incident raises serious concerns about potential money laundering and illicit activities, highlighting the need for enhanced regulatory measures in the crypto space.
WazirX has assured users that their funds are secure and continues to update them on the progress of the investigation. The exchange is working to restore normal operations and ensure the safety of its users’ assets.
About the author
Anjali Kochhar covers cryptocurrency stories in India as well as globally. Having been in the field of media and journalism for over three years now, she has developed a sharp news sense and works hard to present information that goes beyond the obvious. She is an avid reader and loves writing on a wide range of subjects.
