Jump to content

2024 WazirX hack

From Wikipedia, the free encyclopedia
2024 WazirX hack
DateJuly 18, 2024
TypeCyberattack
SuspectsLazarus Group

India-based WazirX, a cryptocurrency exchange was hacked in early days of July 2024, leading to the loss of approximately $234.9 million (around Rs 2000 crore) in investor funds.[1][2] The exchange ceased to operate on 18 July 2024.[3]

Hack

[edit]

On 18 July 2024, $234.9 million worth of crypto assets have been taken out of the exchange and sent to a new address by North Korean hackers belonging to Lazarus Group.[4][5]

Modus operandi

[edit]

WazirX's multisig wallet, controlled by five WazirX and one Liminal signature, required three WazirX and one Liminal signature to initiate transactions. Hackers created a fake WazirX account, deposited tokens, and began purchasing Gala (GALA) tokens. After draining the hot wallet, they accessed the cold wallet. When WazirX signatories accessed the multisig wallet, the hackers altered the smart contract controlling it. Once modified in their favor, the attackers gained full control, no longer needing WazirX's keys, and drained all the funds.[6] Before the attack, the crypto exchange stated in its June 2024 proof-of-reserves disclosure that it had about $500 million in digital assets.[7]

On 18 July 2024, the exchange suspended crypto trading.[8][9]

Litigations

[edit]
  • On August 29, 2024, the rival company CoinSwitch sued WazirX for failing to recover its trapped funds of $9.65 million.[10][11]

References

[edit]
  1. ^ "What went wrong with WazirX? India's biggest crypto hack". 2 August 2024.
  2. ^ Venugopal, Sahana (3 September 2024). "WazirX Cyberattack: What is WazirX's legal status after a $230 million wallet hack?". The Hindu.
  3. ^ "WazirX cryptocurrency exchange halts withdrawals after security breach". The Indian Express. 2024-07-18. Retrieved 2024-07-31.
  4. ^ Shukla, Siddharth (2024-07-18). "WazirX Pauses Crypto, Rupee Withdrawals After Wallet Breach". Bloomberg.com. Retrieved 2024-07-31.
  5. ^ Anand, Vijay (2024-07-29). "North Korean Lazarus Group linked to $235 million WazirX crypto breach - CNBC TV18". CNBCTV18. Retrieved 2024-07-31.
  6. ^ Anupam, Suprita (2024-09-25). "The End Of WazirX: The $234 Mn Heist, Nischal Shetty Under Fire And The Blame Game". Inc42 Media. Retrieved 2024-09-26.
  7. ^ "WazirX crypto exchange hack: how much of the assets was lost, CEO Nischal Shetty's announcement, and what happens next". The Hindu. 2024-07-29. ISSN 0971-751X. Retrieved 2024-07-31.
  8. ^ Singh, Manish (2024-07-21). "WazirX halts trading after $230 million 'force majeure' loss". TechCrunch. Retrieved 2024-08-31.
  9. ^ Sharma, Manoj (2024-07-10). "WazirX halts trading, announces $23 mn bounty after hackers steal $234 mn. Key updates". www.fortuneindia.com. Retrieved 2024-08-31.
  10. ^ Singh, Manish (2024-08-28). "CoinSwitch sues WazirX to recover trapped funds". TechCrunch. Retrieved 2024-08-31.
  11. ^ "India's Crypto app CoinSwitch sues WazirX: We are now taking steps, including ..." The Times of India. 2024-08-29. ISSN 0971-8257. Retrieved 2024-08-31.