en
Back to the list

Crypto exchange WazirX hacked for $235 million, attacker starts dumping tokens

source-logo  invezz.com 18 July 2024 07:59, UTC

Prominent Indian cryptocurrency exchange WazirX is the latest victim of an exploit. Reports suggest the exchange’s Multisig wallet on Ethereum has been compromised.

On July 18, Web3 security firm Cyvers detected several suspicious transactions that moved $234.9 million of funds from the exchange’s wallet to a new address.

🚨ALERT🚨Hey @WazirXIndia, Our system has detected multiple suspicious transactions involving your Safe Multisig wallet on the #ETH network.

A total of $234.9M of your funds have been moved to a new address. Each transaction's caller is funded by @TornadoCash.

The suspicious… pic.twitter.com/4sajAwd4Hb

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) July 18, 2024

Attacker starts dumping tokens

Further, the security firm noted that each of the transaction callers was funded by Tornado Cash, a decentralised privacy protocol.

According to Etherescan data, the first transaction saw 4.1 Gnosis (GNO) moved to the exploiters’ address. The attacker then moved to swap multiple assets, including Tether, Pepe, and Gala, to Ether.

The transactions were routed via multiple addresses before swapping to Ethereum on the decentralised exchange Uniswap V3.

Initially, the attacker had siphoned 5.43T SHIB($102M), 15,298 $ETH($52.5M), 20.5M $MATIC($11.24M), 640.27B $PEPE($7.6M), 5.79M $USDT, and 135M $GALA($3.5M) among other assets, according to data shared by on-chain tracker Lookonchain.

The attacker initially dumped $7.6 million worth of PEPE tokens and sold 35 billion SHIB tokens, valued at approximately $618K, an hour later.

At the time of writing, data from Zapper revealed that the wallet held approximately $215 million worth of assets and the attacker was continuing to sell the stolen assets.

WazirX has acknowledged the breach and suspended crypto and INR withdrawals. It did not disclose any information about how the attack transpired.

Invezz reached out to WazirX for comments, but the firm declined to comment on the matter.

In light of the attack, Sumit Gupta, co-founder of CoinDCX, told Invezz that CoinDCX stores all of its funds in “cold wallets” to avoid attacks of this sort.

We take information security seriously, implementing industry-leading security measures, including multi-party computation (MPC), two-factor authentication (2FA), and other advanced encryptions.

Crypto sector remains in the grey

The attack on WazirX comes as Indian regulators seek to tighten their grip on the nation’s crypto sector.

In March, the Financial Intelligence Unit (FIU) of the Indian Ministry of Finance issued notices to several foreign exchanges operating in the nation. The regulator also fined Binance $2.2 million for non-compliance with the nation’s anti-money laundering rules.

With no solid regulations in place and a hefty tax on cryptocurrency profits, India remains a tough market for cryptocurrency-focused entities.

In an interview with Invezz, Rajagopal Menon, vice president at WazirX, said he expects the government to work on regulations early next year. Regarding the current crypto tax, Menon suggested a “0.01%” TDS instead of the 1% currently being levied.

However, the WazirX vice president remained optimistic, stating:

There are a lot of issues. Hopefully, something will come up because all said and done this is a very practical government.

The post Crypto exchange WazirX hacked for $235 million, attacker starts dumping tokens appeared first on Invezz

invezz.com