Cyber security firm Cyvers had sent early warnings to WazirX about the suspicious activity on the multi-signature wallet on July 18, but the warnings went unheeded. Initially, tens of millions were lost, but the figure soared to over $230 million as the breach continued.
Michael Pearl, Cyvers’ Vice President, told crypto researcher Aditya Singh (@CryptooAdy) that upon detecting the breach, Cyvers attempted to notify WazirX despite the exchange not being a client.
Pearl recounted that after some initial scepticism, the WazirX team acknowledged the severity of the attack and set up a response team to assess the damage.
However, as Pearl said, “After you get hacked, there’s not much you can do.” The attack’s magnitude meant that most of the damage was done before any intervention could mitigate it.
How Cyvers identifies the wallets involved in the breach remains confidential, but the firm has consistently been able to attribute wallets to specific exchanges with high accuracy. This skill lets the firm act quickly and preemptively, despite a lack of direct partnerships with some exchanges.
Pearl emphasised the critical issues in the cryptocurrency industry: many exchanges, especially centralised ones, lack real-time monitoring systems to prevent or minimise such attacks.
Despite being the most targeted entities in the crypto ecosystem, exchanges often rely on internal security measures, which can be inadequate against sophisticated threats. The WazirX breach should serve as a wake-up call, especially for Indian exchanges, many of which reached out to Cyvers for support in the aftermath of the attack.
Pearl believes that if WazirX had implemented a real-time monitoring solution, the hack could have been prevented. The attack leveraged a malicious smart contract, a tactic Cyvers could have detected and blacklisted before the damage was done.
“If they had worked with us, we could have intervened and prevented this,” Pearl noted.
Following the breach, hackers began moving the stolen funds, converting a portion into Ethereum and using Tornado Cash, a popular mixer, to obscure the funds’ origin.
However, Pearl explained that laundering such a significant sum is not straightforward. Despite the anonymity mixers provide, exchanges and regulators are becoming increasingly adept at tracking suspicious activity across blockchains.
As of now, a large portion of the stolen funds remains in various cryptocurrencies, and efforts are ongoing to conceal and convert them into fiat currency.
“While the hackers stole $235 million, they still need to off-ramp it into fiat. We are tracking them in real-time, even as they move the funds through Tornado Cash and swap them across blockchains,” Pearl explained.
Pearl is optimistic that the breach will lead to a more security-conscious approach in India’s crypto space. He noted a surge in interest from Indian exchanges and payment providers, all eager to avoid becoming the next victim of a similar attack.
“I am hopeful that this will raise the awareness for other exchanges to implement measures that will prevent the next hack,” Pearl said.