News

Cryptocurrency Exchange WazirX Loses $230 Million in Major Security Breach

Published

4 months ago

on

July 19, 2024Newsroom Cryptocurrencies / Cybercrime

Indian cryptocurrency exchange WazirX has confirmed that it was the victim of a security breach that resulted in the theft of $230 million in cryptocurrency.

“A cyber attack occurred at one of our [multi-signature] wallets resulting in a loss of funds exceeding $230 million,” the company She said in a statement. “This wallet has been operated using Liminal’s digital asset custody services and wallet infrastructure since February 2023.”

The Mumbai-based firm said the attack stemmed from a discrepancy between the information displayed on Liminal’s interface and what was actually signed. It said the payload was replaced to hand over control of the wallet to an attacker.

Cryptocurrency custodian Liminal is one of the wallet’s six signatories and is responsible for verifying transactions.

“Our preliminary investigations show that one of the self-custodial multi-sig smart contract wallets created outside of the Liminal ecosystem has been compromised,” Liminal said. She said in a series of posts shared on X.

“It is also pertinent to note that all WazirX wallets created on the Liminal platform continue to remain safe and secure. Meanwhile, all malicious transactions to the attacker’s addresses occurred from outside the Liminal platform.”

Blockchain analytics firm Elliptic She said The attack bears all the hallmarks of North Korean threat actors, and the attackers decided to exchange cryptocurrencies for Ether using various decentralized services.

Cryptocurrency researcher ZachXBT also reiterated this on X, which She said “The WazirX hacker attack shows potential signs of a Lazarus Group attack (again).”

Threat actors affiliated with North Korea have a criminal record From staging of cyber attacks targeting the cryptocurrency sector since at least 2017 as a way to circumvent international sanctions imposed on the country.

Earlier this year, the United Nations said it was probing 58 alleged intrusions by nation-state actors between 2017 and 2023 that resulted in $3 billion in illegal revenue to help it advance its nuclear weapons program.

The disclosure comes against the backdrop of a coordinated law enforcement operation dubbed Spincaster, which busted scam networks making illicit profits through endorsement phishing, a popular tactic in which funds are stolen through fake cryptocurrency apps and romance scams (aka pig slaughter). It is estimated that up to $2.7 billion has been stolen using this method since May 2021.

“With the phishing approval technique, the scammer tricks the user into signing a malicious blockchain transaction that gives the scammer’s address approval to spend specific tokens within the victim’s wallet, allowing the scammer to drain the victim’s address of those tokens at will,” Chainalysis She said.

Did you find this article interesting? Follow us on Chirping AND LinkedIn to read more exclusive content we publish.


Fuente

Related Topics:

Leave a Reply

Your email address will not be published. Required fields are marked *

Información básica sobre protección de datos Ver más

  • Responsable: Miguel Mamador.
  • Finalidad:  Moderar los comentarios.
  • Legitimación:  Por consentimiento del interesado.
  • Destinatarios y encargados de tratamiento:  No se ceden o comunican datos a terceros para prestar este servicio. El Titular ha contratado los servicios de alojamiento web a Banahosting que actúa como encargado de tratamiento.
  • Derechos: Acceder, rectificar y suprimir los datos.
  • Información Adicional: Puede consultar la información detallada en la Política de Privacidad.

Trending

Exit mobile version