India’s largest cryptocurrency exchange, WazirX on Thursday reported a major security breach leading to a siphoning of funds over $230 million. The breach was first reported by a Web3 security firm Cyver that informed on X (formerly Twitter) that its system detected multiple suspicious transactions involving WazirX’ multi-signature wallet, Safe Multisig.
The Indian crypto firm later confirmed the breach, adding that it is pausing rupee and crypto withdrawals: “We’re aware that one of our multi-signature wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused. Thank you for your patience and understanding. We’ll keep you posted with further updates,” it said in a post on X (formerly Twitter).
Based on the Cyvers estimate, the amount lost from the multiple-signature wallet on WazirX would be one of the biggest crypto thefts in recent years. It comes just a month after Japanese crypto exchange DMM Bitcoin also lost over $300 million in a hack.
The hack targeted WazirX’s multi-signature wallet on the Ethereum network, potentially due to a private key compromise, and siphoned the assets. Multi-sig wallets are a type of cryptocurrency wallet that requires two or more private keys to authenticate and confirm transactions before processing. The perpetrator is estimated to have stolen $96.7 million worth of Shiba Inu (SHIB) tokens, the most among lost funds, followed by $52 million in Ethereum (ETH), $11 million in Polygon (MATIC), and $7.6million in Pepe (PEPE).
With total funds stolen estimated at $235 million, it accounts for nearly 45 per cent of WazirX’s $500-million reserves as per the company’s numbers reported in June.
According to another security firm, Elliptic, this attack appears to have been perpetrated by hackers affiliated with North Korea.