WazirX is Hacked Your digital money at risk : $235 million at loss

Hackingblogs: WazirX , a reputable Indian cryptocurrency exchange, has been hacked.

“We are aware that there was a security vulnerability in one of our multisig wallets,” WazirX wrote on X (previously Twitter). “The incident is being looked into by our staff right now. The loss of INR and cryptocurrency will be temporarily suspended to protect your investments.”

What bug hunters have to say about the WazirX Bug Bounty programme is shown below

In fact, Wazirx runs a bug bounty programme where bug bounty hunter can test and report bugs. However, Wazirx’s bug bounty program has received a lot of negative feedback, for failing to notify users when they report issues. Time management and lack of recognition were two major drawbacks.

A person commented on the post and said the following.

What is Multisig Wallet ?

A particular kind of cryptocurrency wallet called a multisig wallet needs two or more private keys in order to authenticate and confirm transactions before processing them.

A security vulnerability on WazirX on Thursday morning caused transfers totaling more than $230 million during the early European hours.

WazirX is Hacked

“Multiple suspicious transactions” involving WazirX’s Safe Multisig wallet on Ethereum were found, according to Web3 security company Cyvers. It is estimated that $234.9 million in funds from the Safe Multisig wallet were transferred to a new address, with each transaction’s caller receiving a refund using Tornado Cash, an entirely decentralised Ethereum protocol for private transactions, according to their article on X.

According to Cyvers, “the suspicious address is still swapping additional digital assets, having previously switched $PEPE (Pepe), $GALA (Gala), and $USDT (Tether) to $ETH (Ether).”

Giottus CEO Vikram Subburaj stated on X “Wazirx confirmed a security breach. The best course of action for those who have money in Wazirx at this time is to remain cool and let the Wazirx team solve the problem. Note that your funds in Giottus are SAFE, just to calm you out.”

ZachXBT, a crypto investigator on Telegram, provided additional information, revealing that the hacker’s primary address still has almost $104 million worth of digital assets. About $100 million in Shiba Inu (SHIB), $52 million in ETH, and $11 million in Polygon (MATIC) make up the stolen funds. Numerous other tokens are also impacted. Notable holdings include $4.7 million in FLOKI, $3.2 million in Fantom (FTM), $2.8 million in Chainlink (LINK), and $2.3 million in Fetch.ai (FET).

On-chain data shows that at the time of publication, the hacker’s cryptocurrency holdings were estimated to be at $211 million. The bulk of these assets were located in the wallet and included $4.7 million in Floki (FLOKI), $3.2 million in Fantom (FTM), $2.8 million in Chainlink (LINK), and $2.3 million in Fetch.ai (FET).