The Indian cryptocurrency exchange WazirX suffered a significant security breach early Thursday, resulting in unauthorized transfers exceeding $230 million. This incident, detected by Cyvers Alerts and confirmed by on-chain analytics from Lookonchain, marks one of the largest thefts in cryptocurrency this year.
Initial Detection and Response
Cyvers Alerts, a security monitoring service, first detected the breach. Their systems noted multiple suspicious transactions from WazirX’s Safe Multisig wallet on the Ethereum network to a new address, warning of potential compromise. These alerts indicated that each transaction was linked to funds initially funded by Tornado Cash, raising red flags given Tornado Cash’s history with illicit activities.
In a statement released on their official X platform, WazirX addressed the breach, saying
We’re aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused.
Furthermore, WazirX has identified the provider of the compromised multisig wallet as Liminal, a well-known crypto custody firm.
Details of the Stolen Assets
The primary theft address identified is `0x04b21735E93Fa3f8df70e2Da89e6922616891a88`, with stolen assets quickly being converted to Ethereum. The breakdown of stolen assets, as analyzed by Lookonchain, includes:
- Ethereum (ETH): 15,298 ETH valued at approximately $52 million.
- Shiba Inu (SHIB): Over 5.43 trillion tokens, valued at around $102 million.
- Polygon (MATIC): 20 million tokens worth about $11 million.
- Other assets, including PEPE, USDT, GALA, and more diverse tokens, amount to roughly $65 million. In total, the attacker moved assets amounting to $234,966,078.59.
According to Elliptic, the stolen funds represent more than 45% of the exchange’s reported $500 million holdings, a significant portion of WazirX’s assets. The exchange’s live proof of reserve site was temporarily offline for maintenance following the breach.
Crypto Industry Hit by North Korean Hackers Using Fake Job ApplicationsMarket Impact and Ongoing Investigations
The attackers have been actively converting the stolen assets into Ethereum via the decentralized exchange Uniswap. The stolen Ether holdings have not yet been liquidated, and the perpetrators still possess over $4.2 million in FLOKI tokens.
Following the breach, the price of WazirX’s token (WRX) plummeted by 16.87%, reflecting the market’s reaction to the security lapse. The exchange, which holds a significant position in the Indian crypto market and is among the few Financial Intelligence Unit (FIU) registered exchanges, is facing intense scrutiny.
