After a recent sophisticated cyber attack on WazirX’s multi-signature Ethereum wallet, the exchange conducted a preliminary investigation. According to a blog post on July 25, WazirX revealed that there was no evidence to suggest that the machines of WazirX signers had been compromised during the attack. This attack, which occurred earlier in the month, has caused significant concern and scrutiny within the crypto community.
Initially, WazirX attributed the hack to an issue with its custody service provider, Liminal’s user interface. However, Liminal later released a report on July 19 stating that its infrastructure was not responsible for the breach. Instead, compromised hardware wallets were identified as the likely cause of the attack. Despite ongoing forensic analysis, WazirX has not found any signs of malware or tampering on the signers’ devices.
The attacked wallet required signatures from three WazirX signers and one from Liminal. The malicious transactions were signed using devices from different locations, all accessing the legitimate Liminal website. Interestingly, the hardware wallets did not detect any new connection requests, indicating that the website used was authentic. This suggests a potential breach within Liminal’s system, even with the exchange’s rigorous security measures in place.
WazirX outlined two potential scenarios to explain the breach. The first scenario involves a breach within Liminal’s infrastructure, where malicious transactions were received directly from Liminal due to a compromise of their system. The second scenario suggests a compromise of WazirX signers’ devices by malware, although preliminary evidence does not support this theory. In either case, a breach of Liminal’s firewall would have been necessary to obtain the final signature.
The cyber attack on WazirX on July 18 resulted in the theft of approximately 45% of the crypto held by the exchange, leading to a temporary halt in operations. However, WazirX assured users that their fiat currency deposits remained safe. The exchange is currently working with authorities to find a viable solution and is exploring partnerships to compensate affected customers. Cybersecurity experts have speculated that the notorious North Korean Lazarus Group was involved in the attack, highlighting the evolving challenges of securing multi-signature wallets.
The incident serves as a reminder of the risks associated with blind signing in multi-signature wallets, where transaction details are not displayed on hardware wallets. Despite implementing industry-standard best practices, such as verifying website URLs and using reputable platforms, WazirX fell victim to the cyber attack. The exchange’s efforts to resume services and make customers whole demonstrate a commitment to addressing the aftermath of the breach and improving security measures going forward.
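As an added illustration of the blind-signing risk described above (example code written for this page, not code from WazirX, Liminal or any wallet vendor), the following signer-side check decodes the calldata a multisig signer is about to approve and refuses anything it cannot show in plain terms; the ERC-20 selectors are the standard ones, while the token address, recipient and amounts used with it are constructed sample values.

```python
# Added example: signer-side "clear signing" check that decodes the calldata a multisig is
# about to sign, so a human sees function, recipient and amount instead of an opaque hash.
from dataclasses import dataclass

# 4-byte selectors of the standard ERC-20 functions (first 4 bytes of keccak256).
KNOWN_SELECTORS = {
    "a9059cbb": ("transfer", ["address", "uint256"]),
    "095ea7b3": ("approve", ["address", "uint256"]),
    "23b872dd": ("transferFrom", ["address", "address", "uint256"]),
}
@dataclass
class Decision:
    allowed: bool
    summary: str  # what the signer is shown before approving

def decode_static_args(types, blob):
    # ABI encoding of static types: one 32-byte word per argument
    words = [blob[i:i + 32] for i in range(0, len(blob), 32)]
    if len(words) < len(types) or any(len(w) != 32 for w in words[:len(types)]):
        raise ValueError("calldata too short for the declared arguments")
    out = []
    for typ, word in zip(types, words):
        if typ == "address":
            if any(word[:12]):  # address is right-aligned; padding must be zero
                raise ValueError("non-zero padding in address word")
            out.append("0x" + word[12:].hex())
        else:  # uint256
            out.append(int.from_bytes(word, "big"))
    return out

def review_call(to, calldata_hex, allowed_recipients):
    # Returns Decision(allowed, summary) for a call to `to` carrying `calldata_hex`
    allow = {a.lower() for a in allowed_recipients}
    data = bytes.fromhex(calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex)
    if len(data) == 0:  # plain value transfer: the recipient is `to` itself
        ok = to.lower() in allow
        return Decision(ok, f"plain transfer to {to}" + ("" if ok else " (not allowlisted)"))
    if len(data) < 4:
        return Decision(False, "malformed calldata: shorter than a function selector")
    selector = data[:4].hex()
    if selector not in KNOWN_SELECTORS:
        return Decision(False, f"unknown selector 0x{selector} on {to}: refuse to blind-sign")
    name, types = KNOWN_SELECTORS[selector]
    try:
        args = decode_static_args(types, data[4:])
    except ValueError as exc:
        return Decision(False, f"{name}: malformed calldata ({exc})")
    recipient = args[1] if name == "transferFrom" else args[0]
    if recipient not in allow:
        return Decision(False, f"{name} to {recipient} is not in the recipient allowlist")
    return Decision(True, f"{name}({', '.join(map(str, args))}) on {to}")
```

A hardware wallet that only displays a hash gives the signer no way to perform this comparison; the check belongs wherever the transaction is rendered for human approval.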