WazirX pauses withdrawals amid $234.9M crypto heist
Cybersecurity firm Cyverse raised the alarm on X, stating that $234.9 million worth of assets were transferred from WazirX to an unknown address.
Cryptocurrency exchange WazirX has temporarily halted withdrawals following a security breach involving its Safe Multisig wallet.
Cybersecurity firm Cyverse raised the alarm on X, stating that $234.9 million worth of assets were transferred to an unknown address, with the transactions allegedly initiated via Tornado Cash, a service used for anonymising crypto transactions.
"We're aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused. Thank you for your patience and understanding. We'll keep you posted with further updates," WazirX said in a statement.
In a now-deleted post on X, WazirX noted that "the security issue involves one of our Liminal multisig wallets". Liminal is a crypto wallet infrastructure provider that offers businesses custodian wallets that secure digital assets across different blockchain protocols.
"Our preliminary investigations show that one of the self-custody multi-sig smart contract wallets created outside of the Liminal ecosystem has been compromised. We can confirm that Liminal’s platform is not breached and Liminal’s infrastructure, wallets and assets continue to remain safe," Liminal spokesperson said in a statement to YourStory.
"....all the malicious transactions to the attacker’s addresses have occurred from outside of the Liminal platform. Adhering to our rigorous security protocols, the Liminal team is also readily assisting the WazirX team as they carry out their investigation," the statement added.
The company recently secured Financial Intelligence Unit (FIU) registration in India, positioning it as a 'reporting entity' under the Prevention of Money Laundering Act.
A multisig wallet, short for "multi-signature wallet," requires multiple private keys to authorise a transaction, enhancing security compared to single-signature wallets.
"The suspicious address has already swapped $PEPE, $GALA, and $USDT to $ETH and continues to swap other digital assets," Cyverse posted on X.
"We attempted to contact you 30 minutes ago, but received no response. It appears that your Safe wallet has been compromised by a malicious actor!" the post added.
However, it is not yet clear whether the stolen funds were from users' wallets or WazirX's own reserves.
Meanwhile, competitor CoinSwitch's parent company PeepalCo has issued an advisory asking crypto investors to be mindful of potential market volatility in light of the hack and exercise caution in their trading and investment activities.
(The copy was updated with additional information.)
Edited by Kanishk Singh