With $44 million stolen, the crypto world is once again reminded of its vulnerabilities.

Attack Originated from Internal Liquidity Account

According to CoinDCX CEO Sumit Gupta, the breach stemmed from an internal account used for liquidity provision with another exchange. Hackers drained $44 million through what Gupta described as a “sophisticated server breach.”

“No user funds were affected,” Gupta assured. “The compromised account was isolated swiftly, and the loss will be covered entirely by our treasury reserves.”

Funds Traced Across Chains

On-chain analyst ZachXBT traced the attacker’s wallet back to Tornado Cash, where it was funded with 1 Ethereum. The stolen funds were then partially bridged from Solana to Ethereum, making tracking difficult.

You Might Be Interested In: Sonic SVM Research: Can New Stablecoins Shake Up the Old Order?

The incident echoes a similar hack on WazirX—another Indian exchange—exactly one year ago to the day, which resulted in a $235 million loss. Analysts see the timing as a grim reminder of persistent cybersecurity gaps in the crypto sector.

Wave of Recent Crypto Exploits

• Nobitex (Iran): $100 million stolen on June 18; source code leaked.
• GMX V1: $40 million drained on July 9, later returned for a $5M bounty.
• Arcadia Finance: $3.5 million lost due to smart contract exploit.

These repeated breaches stress the urgent need for better risk management in both centralized and decentralized ecosystems.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post CoinDCX Suffers $44M Hack in Sophisticated Server Breach appeared first on Coin Engineer.

WazirX Exchange Cleared After Forensic Investigation

Last month, WazirX, one of India’s largest crypto exchanges, was rocked by a $230 million hack. The attack stole about 45% of the exchange’s assets. The attack targeted a multisig wallet that required multiple private keys. Five of the six authorized signatories on this wallet belonged to WazirX and one to Liminal.

The exchange stated, “All transactions made through the Multisig wallet required approval from three members from WazirX first, followed by final authorization from Liminal.” However, the forensic report stated, “No security breach was detected on the three laptops used for transaction signing.”

According to the Mandiant Solutions report, findings emerged that the cyber attack was caused by Liminal’s vulnerabilities. WazirX officials stated that they have full confidence in the forensic report and will fully cooperate to resolve the situation. A WazirX spokesperson said, “We have full confidence in the investigation agency and will fully cooperate with them. We are actively working to recover the stolen funds and hope that those responsible will be brought to justice.”

Might interest you: Crypto Market Awaits FOMC Minutes and Fed Chair Powell’s Speech

WazirX has implemented a number of recovery strategies following the hack. The platform has launched a Bounty Program that rewards up to $10,000 in USDT and has published a survey to gather user opinions. The exchange is also in talks with its competitors and other firms in the industry for support or a possible acquisition.

WazirX has previously reached out to its former partner Binance, which controls a large amount of revenue and $80 million worth of WRX tokens.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Liminal Denies Liability: WazirX Hack Loses $230 Million appeared first on Coin Engineer.

WazirX’s Response to the Hack WazirX revealed that it is withdrawing assets from its former custodian, Liminal, following the July 18th incident where the platform suffered a $230 million hack. The exchange has since ended its relationship with Liminal, citing concerns over the custodian’s security interface post-attack. The migration to new multisig wallets is seen as a critical step in securing user funds and restoring confidence in the platform.

WazirX User Withdrawals: A Glimmer of Hope?

With users unable to withdraw funds for nearly a month, the exchange’s latest move has sparked speculation that withdrawals could resume soon. While WazirX did not provide a specific timeline, they emphasized that the safety of crypto assets remains their top priority. The migration to new wallets is expected to be a precursor to reinstating full platform functionality, including user withdrawals.

Backlash and Future Steps Nischal Shetty and WazirX have faced significant criticism from users and the broader crypto community due to the prolonged suspension of withdrawals. However, the recent actions indicate that the exchange is taking steps to mitigate the damage and restore trust.

Might interest you: WazirX Poll Explained: Impact on Users, Tax Implications, Withdrawal Limits

The native token of the exchange, WRX, has continued to trade in line with broader market trends, though investor sentiment remains cautious as the situation develops.

As WazirX completes the migration and strengthens its security, users are hopeful that the exchange will soon allow withdrawals, marking a significant step toward recovery from the hack.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post WazirX Hack Update: Withdrawals Expected Soon appeared first on Coin Engineer.

The WazirX Poll Options

1. Access 55% of Your Funds Without Withdrawals, First Priority to Potential Recovery Proceeds:

This option allows users to access 55% of their portfolio without the ability to withdraw these funds immediately. The remaining 45% will be converted into Tether (USDT) or other tokens available with the Indian exchange. Users choosing this option will have priority when potential recovery proceeds are distributed.

2. Access 55% of Your Funds With Withdrawals, Second Priority to Potential Recovery Proceeds:

This option enables users to access and withdraw 55% of their portfolio. The token conversion applies here as well. Users opting for this will have second priority in receiving any potential recovery proceeds.

Poll results, updated every 15 minutes, are intended to guide WazirX’s final decision. The exchange will consider the poll’s outcome, ongoing investigations, platform liquidity, and evolving circumstances. Currently, the majority of users prefer the second option as they want speedy withdrawals.

How Will It Impact Users?

Users face several challenges due to the hack and the subsequent poll options.

1. Snapshot Date Controversy:

The snapshot for valuing user portfolios is set for July 21, three days post-hack. Critics argue this is unfair as WazirX continued to allow deposits and trading after halting withdrawals on July 18. This allowed ‘illegal’ trading, as WazirX did not have the token backing for these transactions due to the loss of 45% of user funds. Moreover, prices plummeted due to panic selling as people sold their crypto for INR after knowing that the fiat reserve was unaffected. This panic situation led to further losses.

2. Replacement of Stolen Tokens:

Users will receive a basket of tokens equivalent in value to their stolen tokens based on average prices from CoinMarketCap and select global exchanges as of July 21, 2024, at 8:30 p.m. IST. This replacement ensures users can access the value of their stolen tokens but does not address the issue of the snapshot date.

Tax Implications:

The tax implications for users are complex. Accessing and potentially withdrawing the converted tokens might trigger tax events, depending on the user’s jurisdiction. Users must consult tax professionals to understand their specific obligations, particularly regarding capital gains or losses from the converted tokens.

Withdrawal Limits:

The withdrawal limits depend on the option chosen by users. Those opting for immediate access and withdrawals (second option) may face limits imposed by WazirX based on ongoing liquidity and recovery efforts. Users must stay informed about any updates from the exchange regarding these limits.

Significance of the August 3 Deadline:

The August 3 deadline is critical as it marks the cut-off for users to make their choice in the poll. The outcome will shape WazirX’s final decision on fund recovery and distribution, influencing the immediate financial recovery of its users.

WazirX poll presents users with tough choices in the wake of a significant hack. The options available, along with their respective implications, underscore the challenges faced by the exchange and its users as they navigate this crisis.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post WazirX Poll Explained: Impact on Users, Tax Implications, Withdrawal Limits appeared first on Coin Engineer.

Details of the WazirX Attack

The attack targeted a multisig wallet used by WazirX, which had employed Liminal’s digital asset custody and wallet infrastructure since February 2023. The wallet required six signatories—one from Liminal and five from WazirX—to approve transactions, enhancing security through multiple layers of approval.

Might interest you: Cryptocurrency Exchange WazirX Suffers $234 Million Hack

The breach occurred due to discrepancies between the data displayed on Liminal’s interface and the actual transaction contents. Hackers managed to exploit these discrepancies by replacing the payload, allowing them to gain control of the multisig wallet and steal the funds.

Despite using robust security measures, including the Gnosis Safe multisig smart contract platform and a whitelisting policy, the attack managed to bypass these defenses. The Liminal Custody team confirmed to Cointelegraph that their platform was not breached and that all WazirX wallets created on the Liminal platform remain secure. The malicious transactions were executed from outside Liminal’s infrastructure.

India’s Regulatory Landscape

Joanna Cheng, associate general counsel at Fireblocks, highlighted the regulatory challenges faced by the Indian crypto industry. She pointed out the absence of specific guidelines for security measures, risk management, and consumer protection in India.

Cheng noted, “There is no crypto-specific regulation in India so far […] Regulatory intervention in this space would also mean that exchanges that service large numbers of retail customers are held accountable for their actions (or inaction).”

In response to the regulatory gaps, Indian Prime Minister Narendra Modi called for a global crypto framework at the G20 Summit in August 2023. Modi emphasized the global impact of emerging technologies like blockchain and cryptocurrencies and advocated for a comprehensive global regulatory framework.

WazirX’s Response and Recovery Efforts

On July 18, WazirX addressed the community via a post on X, detailing the breach and assuring stakeholders that efforts are underway to recover the stolen assets. The exchange described the attack as a “force majeure event,” explaining that despite taking “all necessary steps to protect customer assets,” the theft still occurred.

Joanna Cheng discussed WazirX’s invocation of a force majeure clause, which typically excuses parties from fulfilling contractual obligations due to unforeseen events. However, she noted that if the event was foreseeable and could have been avoided or mitigated with reasonable measures, the clause might not be applicable.

WazirX is currently collaborating with cybersecurity teams to locate and recover the stolen funds and has promised to keep the community updated with further developments. The incident highlights the ongoing challenges in securing digital assets and the need for robust regulatory frameworks to address such vulnerabilities.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post WazirX Hack: Analyzing the $230M Attack appeared first on Coin Engineer.

According to data from cybersecurity firm CYVERS, WazirX’s Safe Multisig wallet on the Ethereum network was compromised. The attackers reportedly transferred a total of $234.9 million to a new address, with each transaction originating from a TornadoCash-funded account.

Blockchain security company PeckShield also confirmed the exploit through a recent tweet. Reports suggest the attackers are swapping stolen assets like PEPE, GALA, and USDT to Ethereum (ETH) and potentially continuing swaps with other cryptocurrencies.

The post BREAKING: Cryptocurrency Exchange WazirX Suffers $234 Million Hack appeared first on Coin Engineer.