WazirX security breach leads to $230 million withdrawals

On Thursday, Indian cryptocurrency exchange WazirX faced a significant security breach, resulting in over $230 million in withdrawals. The breach compromised one of WazirX’s multisig wallets, causing a substantial loss of user funds.

WazirX acknowledged the incident on X (formerly Twitter), stating, “We’re aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused. Thank you for your patience and understanding. We’ll keep you posted with further updates.”

The exchange confirmed that the breach is under investigation, and all withdrawals have been temporarily suspended. They also noted the discovery of two more exploited smart contracts. “We have identified two more exploited smart contracts. Our team is still investigating the incident. We have now opened a secluded website to revoke all approvals. Your funds are at risk until you revoke,” WazirX stated.

Liminal Custody, a Singapore-based digital asset custody and wallet infrastructure platform, clarified that the impacted multi-sig smart contract wallets were created outside their ecosystem. “Our preliminary investigations show that one of the self-custody multi-sig smart contract wallets created outside the Liminal ecosystem has been compromised. We can confirm that Liminal’s platform is not breached, and Liminal’s infrastructure, wallets, and assets remain safe,” Liminal Custody’s statement read.

Liminal emphasized that all WazirX wallets created on their platform remain secure and protected. “It is also pertinent to note that all WazirX wallets created on the Liminal platform remain secure and  protected. Meanwhile, all the malicious transactions to the attacker’s addresses have occurred outside the Liminal platform. Adhering to our rigorous security protocols, the Liminal team is also readily assisting the WazirX team as they carry out their investigation,” the statement added.

Multisig wallets, which require two or more private keys to authenticate and confirm transactions, are designed to enhance security. However, this added layer of protection was compromised in this instance.