Indian cryptocurrency exchange WazirX confirmed that approximately $230 million in assets were suspiciously transferred from its platform’s Liminal multisig wallets. The platform responded by pausing all withdrawals to prevent further unauthorised transfers.
Lookchain, a blockchain explorer, reported the specifics of the stolen assets:
- 5.43 billion SHIB tokens
- Over 15,200 Ethereum tokens
- 20.5 million Matic tokens
- 640 billion Pepe tokens
- 5.79 million USDT
- 135 million Gala tokens
The attacker’s identity remains unknown, but blockchain data indicates they are attempting to liquidate the stolen assets through the decentralised exchange Uniswap, reports TechCrunch. Mudit Gupta, a blockchain security researcher, believes that the hackers are from DPRK.
“The hackers started practising the hack onchain at least 8 days ago and finally executed it today. It’s a very methodical and organised attack, pointing towards DPRK as the hacker,” tweeted Gupta.
The breach represents a significant blow to WazirX, which disclosed approximately $500 million in holdings in its June proof-of-reserves report. The loss of $230 million constitutes a substantial portion of the exchange’s assets.
“We’re aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused,” the exchange tweeted. “It appears that the security issue involves one of our Liminal multisig wallets. Our team is actively working on the matter. Thank you for your patience and support.”
In response to the breach, other major Indian crypto exchanges, CoinSwitch and CoinDCX, reassured their customers about the security of their funds.
“We advise all our crypto investors to be mindful of potential market volatility during this time and exercise caution in their trading and investment activities,” said Ashish Singhal, co-founder of CoinSwitch.
The crypto sector has been one of the most favourite playgrounds for cybercrooks. A few days ago, reports emerged that over a dozen domains registered with Squarespace experienced website hijackings.
Last month, it was reported that hackers are funnelling stolen crypto through the Exch.cx platform. In February 2024, hackers claimed MicroStrategy’s X account leading to a $440,000 crypto scam. Similarly, in June, Microsoft India’s X account was hacked to boost crypto scams.
In the News: Cellebrite can’t unlock updated iPhone and Pixel devices
