The WazirX breach reveals vulnerabilities in multisig wallets, even with strong security measures. In one of the year’s biggest cyberattacks, the Indian cryptocurrency exchange lost over $230 million from a multisig wallet.
WazirX reported that the attack targeted a multisig wallet using Liminal’s custody and wallet infrastructure since February 2023. The wallet had six signatories—one from Liminal and five from WazirX—to ensure secure transactions through multiple approvals.
Details of the WazirX Wallet Breach: How the Attack Exploited Discrepancies
The WazirX wallet breach occurred due to discrepancies between the data shown on Liminal’s interface and the actual transaction details. The attacker replaced the transaction payload, allowing them to take control of the multisig wallet and steal the funds.
Despite employing security measures like the Gnosis Safe multisig smart contract platform and a whitelisting policy, the breach exploited these defenses.
Liminal Custody confirmed that its platform was not compromised and that its assets, wallets, and infrastructure remain secure. They stated that all WazirX wallets on the Liminal platform continue to be protected and that the malicious transactions occurred from outside the Liminal platform.
India’s Crypto Regulatory Challenges Highlighted by Fireblocks’ Joanna Cheng
Joanna Cheng, associate general counsel at Fireblocks, has highlighted the regulatory challenges facing the cryptocurrency industry in India. She noted the absence of specific guidelines for security measures, risk management, and consumer protection within the country’s regulatory framework.
Cheng emphasized that there is no dedicated crypto regulation in India, and regulatory intervention would require exchanges serving large numbers of retail customers to be held accountable for their actions or inactions.
In response to the lack of a clear crypto regulatory framework in India, Prime Minister Narendra Modi called for a global cryptocurrency framework at the G20 Summit in August 2023. Modi argued that emerging technologies like blockchain and cryptocurrencies have global implications and advocated for a comprehensive international regulatory approach.
WazirX Addresses $230 Million Attack and Force Majeure Claim
On July 18, WazirX addressed the community through an X post, providing details about the $230 million attack and reassuring stakeholders that efforts are underway to recover the stolen assets.
The Indian exchange described the breach as a “force majeure event,” stating that despite implementing all necessary security measures to protect customer assets, the theft still occurred.
Joanna Cheng from Fireblocks discussed WazirX’s use of a force majeure clause, which typically excuses a party from meeting contractual obligations due to unforeseen events. However, she noted that if it is determined that the event was foreseeable and could have been prevented or mitigated with reasonable measures, the clause may not apply.
WazirX is collaborating with cybersecurity teams to locate and recover the stolen funds and has committed to providing further updates to the community.
Important: Please note that this article is only meant to provide information and should not be taken as legal, tax, investment, financial, or any other type of advice.
Join Cryptos Headlines Community
Follow Cryptos Headlines on Google News