Global blockchain supervision and query platform

English
Download

WarizX Hacked for $235 Million, Be Aware: Tokens Are Being Sold Off

WarizX Hacked for $235 Million, Be Aware: Tokens Are Being Sold Off WikiBit 2024-07-19 16:25

Indian exchange WazirX hacked for $235 million, with most funds sold for ETH. The stolen assets account for over 45% of the exchange's total reserves.

On July 18, according to Lookonchain monitoring, the wallet address 0x04b21735E93Fa3f8df70e2Da89e6922616891a88 of the Indian cryptocurrency exchange WazirX transferred assets worth over $235 million abnormally. The stolen assets are as follows:

Subsequently, WazirX posted a statement indicating that a security vulnerability had occurred in one of their multi-signature wallets. The team is actively investigating the issue and has temporarily suspended INR and cryptocurrency withdrawals.

Beosin Alert stated that the attacker obtained the signature data of the exchange's multi-sign wallet administrators and modified the wallet's logic contract to execute erroneous logic, thereby stealing assets.

Attacker address: 0x6eedf92fb92dd68a270c3205e96dccc527728066

Victim address: 0x27fd43babfbe83a81d14665b1a6fb8030a60c9b4

Based on the attacker's behavior, it is speculated that the reason is the leakage of the administrator's private key for the multi-signature wallet. Beosin provides a brief analysis of the attack reason as follows:

  • The attacker deployed an attack contract: 0x27fd43babfbe83a81d14665b1a6fb8030a60c9b4. The function of this contract is to extract the token assets specified by the contract.
  • The attacker obtained the signature data of the WazirX multi-sign wallet administrators and modified the wallet's logic contract to the pre-deployed attack contract. The corresponding transaction is: https://etherscan.io/tx/0x48164d3adbab78c2cb9876f6e17f88e321097fcd14cadd57556866e4ef3e185d
  • The attacker submitted a token extraction transaction to the WazirX multi-sign wallet. Due to the proxy mechanism, the wallet contract used delegatecall to call the relevant functions of the attack contract, transferring the wallet tokens.
  • According to the flow chart of the stolen funds, the hacker has transferred some funds to Changenow and Binance exchanges.

    Blockchain analysis firm Elliptic stated that North Korea-linked hacker groups might be behind the “WazirX $235 million hacking incident.”

    Spot On Chain monitoring data shows that the total value of ETH held by the WazirX attacker has risen to 59,097 ETH ($201 million). Among them, 15,298 ETH ($52 million) was directly stolen from the exchange; 43,799 ETH ($149 million) was obtained by selling various assets, particularly 5.43 trillion SHIB ($90.2 million), 20.5 million MATIC ($10.2 million), and 640.27 billion PEPE ($7.48 million).

    The attacker has not yet taken further action with these ETH.

    WazirX is one of the few exchanges registered with the Financial Intelligence Unit (FIU) in India. It is reported that the stolen tokens account for more than 45% of the total reserves listed in the exchange's June 2024 report.

Disclaimer:

The views in this article only represent the author's personal views, and do not constitute investment advice on this platform. This platform does not guarantee the accuracy, completeness and timeliness of the information in the article, and will not be liable for any loss caused by the use of or reliance on the information in the article.

  • Token conversion
  • Exchange rate conversion
  • Calculation for foreign exchange purchasing
/
PC(S)
Current Rate
Available

0.00