Key Insights
- WazirX cryptocurrency exchange suffers a $230 million security breach due to a suspected private key compromise of its multisig wallet.
- Hackers stole various cryptocurrencies, including over $100 million in SHIB, $52 million in ETH, and $11 million in MATIC tokens.
- WazirX has suspended all withdrawals and is investigating the incident, while the stolen funds are being converted to Ethereum by the attacker.
MUMBAI (MarketsXplora) – Indian cryptocurrency exchange WazirX has fallen victim to a significant security breach, resulting in the unauthorized transfer of over $230 million worth of crypto assets, the company confirmed on Tuesday.
The exploit, which targeted WazirX’s multisig wallet on the Ethereum network, is believed to have occurred due to a private key compromise, according to security firm Blocksec. The attack required the perpetrator to upgrade the implementation of the Safe Wallet to a malicious contract.
“We’re aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident,” WazirX said in a statement.
WazirX Suspends Withdrawals After $230 Million Crypto Hack
The exchange has temporarily paused all withdrawals, including both Indian Rupee (INR) and cryptocurrency, to ensure the safety of remaining assets.
Yajin (Andy) Zhou, co-founder of Blocksec, told MarketsXplora,
“Looks there is a private key leakage in WazirX exchange. The leaked private keys are used to upgrade a safe multi-sig wallet, which holds a large number of assets, to a malicious contract. Then the malicious contract is used to drain most of the assets in the Safe Wallet.”
On-chain data reveals the extent of the theft, with over $100 million in Shiba Inu (SHIB) tokens stolen, alongside 15,290 Ethereum (ETH) valued at approximately $52 million, and 20 million Polygon (MATIC) tokens worth $11 million.
The hacker’s haul also included 640 billion Pepe (PEPE) tokens ($7.5 million), 5.7 million Tether (USDT), and 135 million Gala (GALA) tokens valued at $3.5 million.
The stolen funds were transferred to an address that has begun actively converting the pilfered assets into Ethereum. This rapid conversion of stolen tokens to a more liquid cryptocurrency suggests the attacker may be attempting to obfuscate the trail of funds or prepare for a cash-out.
Meet Samson Ononeme, a dynamic writer, editor, and CEO of marketsxplora.com. With a passion for words and a sharp business acumen, he captivates readers with captivating storytelling and delivers insightful market analysis.