Coinbase has promised compensation to all affected users. The company will also cover losses for users deceived by social engineering attacks during this process, aiming to maintain user trust. Additionally, Coinbase created a $20 million reward fund to incentivize information leading to the identification of the attackers. The crypto exchange has started implementing new security measures to prevent user harm. 

Coinbase Cyber Attack

In a clear stance shared on X , Coinbase CEO Brian Armstrong stated: 

“We will not pay ransom to extortionists. Instead, we offer a $20 million reward to those who provide information leading to the identification and prosecution of the perpetrators.” 

Following the attack, Coinbase increased its security measures. A new customer support center was established in the US, where identity verification and fraud awareness notifications became mandatory. Moreover, additional identity verification processes were added for high-value transactions. These steps aim to protect user accounts. The company also announced that it will provide regular updates to users in the coming days. 

The Method Behind the Attack 

The attackers attempted to infiltrate the system by bribing some customer representatives working abroad. Coinbase described this as an unusual and complex social engineering attack. However, the attackers did not gain access to sensitive systems. 

Coinbase estimates that less than 1% of users’ data was affected. Nevertheless, it warned customers to remain vigilant against potential fraud risks. This incident has once again highlighted the growing cyber threats in the crypto sector. Last year, India-based WazirX lost $230 million in a similar attack. Coinbase’s breach underscores the urgent need for data security and regulatory measures. 

Security at crypto exchanges has become not only a technological but also a strategic priority. Users should protect their accounts with two-factor authentication and strong passwords. 

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Coinbase Hit by Cyber Attack: CEO Sends Message of No Ransom appeared first on Coin Engineer.

Cybercriminals often send money to a mixer in order to complicate law enforcement’s tracking and recovery of pilfers of cryptocurrency. Targeting its multi-signature wallet, cryptocurrency exchange WazirX revealed a significant cyberattack causing a loss of more than $230 million on July 18, 2024. According to the exchange, this episode has affected WazirX’s capacity to keep balanced collaterals against its assets.

While the team concentrates on partial recovery and losses expected to be distributed among users, withdrawals remain frozen and trading has been stopped since July 21. Reports state that the restructuring initiatives might cause users of the platform not to get the whole value of their cryptocurrencies kept on it during the attack.

The North Korean Lazarus Group, a well-known state-sponsored hacking group infamous for launching high-profile breaches, including a $600 million hack on the Ronin sidechain in 2022, is thought to have launched this attack.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post WazirX Hack: $6.5M Laundered Through Tornado Cash appeared first on Coin Engineer.

What Happened in August?

Among the most significant incidents in August were two major phishing attacks that resulted in the theft of $238 million in Bitcoin and $55.4 million in Dai. Other notable losses included a breach of the Ronin Network, where hackers managed to siphon off $12 million, although $5.1 million in unauthorized transactions were recovered. Additionally, the decentralized finance protocol Nexera suffered a loss of $1.83 million due to a smart contract vulnerability.

A report published by Immunefi on August 29 revealed that the cryptocurrency industry has seen $1.21 billion in digital assets lost to hacks and rug pulls since the beginning of 2024.

In July, India’s WazirX cryptocurrency exchange fell victim to one of the largest cyberattacks of 2024, losing $234.9 million from one of its multi-signature wallets. The exchange is currently in the process of implementing a phased plan to restore its financial operations, which includes pursuing legal actions in Singapore as part of its restructuring efforts.

To protect the crypto industry from the financial losses caused by hacks, a team of ethical hackers has been assembled to strengthen defenses and prevent breaches. This elite anti-hack response unit, known as the Security Alliance (SEAL), is led by white-hat hacker Samczsun and has handled over 900 reports related to hacking incidents since its inception in August 2023.

According to an Immunefi report dated August 22, approximately 80% of cryptocurrencies never recover their value after a hack or exploit, with the resulting depreciation often causing more harm to projects than the exploit itself.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Crypto Attacks in August Resulted in $313 Million in Losses appeared first on Coin Engineer.

A brief post on social networking platform X claims the exchange stated the action is a part of “ongoering efforts to resolve the issue surrounding INR and crypto balances on the platform.”

Last month, the battered exchange stopped all trading on its platform following a $230 million hack on July 18. The exchange then presented a recovery program—also known as “socialized loss strategy”—that drew major criticism on social media.

At the time, some data pointed to the exploit coming from North Korea’s infamous Lazarus Group. Attacks of this nature hardly help crypto assets recover. Responding to the attack, WazirX revealed earlier this month its intentions to reverse any deals made after the withdrawal freeze it instituted on July 18.

“This decision has not been made lightly and aims to protect the integrity of our platform and facilitate an equitable outcome for users following the abnormality arising as a result of the cyberattack that occurred on July 18, 2024,” the exchange announced at the time.

Most recently, Google affiliate Mandiant apparently stated that the cyberattack did not compromise WazirX computers.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post WazirX Reverses Orders After $230M Hack Incident appeared first on Coin Engineer.

WazirX Exchange Cleared After Forensic Investigation

Last month, WazirX, one of India’s largest crypto exchanges, was rocked by a $230 million hack. The attack stole about 45% of the exchange’s assets. The attack targeted a multisig wallet that required multiple private keys. Five of the six authorized signatories on this wallet belonged to WazirX and one to Liminal.

The exchange stated, “All transactions made through the Multisig wallet required approval from three members from WazirX first, followed by final authorization from Liminal.” However, the forensic report stated, “No security breach was detected on the three laptops used for transaction signing.”

According to the Mandiant Solutions report, findings emerged that the cyber attack was caused by Liminal’s vulnerabilities. WazirX officials stated that they have full confidence in the forensic report and will fully cooperate to resolve the situation. A WazirX spokesperson said, “We have full confidence in the investigation agency and will fully cooperate with them. We are actively working to recover the stolen funds and hope that those responsible will be brought to justice.”

Might interest you: Crypto Market Awaits FOMC Minutes and Fed Chair Powell’s Speech

WazirX has implemented a number of recovery strategies following the hack. The platform has launched a Bounty Program that rewards up to $10,000 in USDT and has published a survey to gather user opinions. The exchange is also in talks with its competitors and other firms in the industry for support or a possible acquisition.

WazirX has previously reached out to its former partner Binance, which controls a large amount of revenue and $80 million worth of WRX tokens.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Liminal Denies Liability: WazirX Hack Loses $230 Million appeared first on Coin Engineer.

WazirX’s Response to the Hack WazirX revealed that it is withdrawing assets from its former custodian, Liminal, following the July 18th incident where the platform suffered a $230 million hack. The exchange has since ended its relationship with Liminal, citing concerns over the custodian’s security interface post-attack. The migration to new multisig wallets is seen as a critical step in securing user funds and restoring confidence in the platform.

WazirX User Withdrawals: A Glimmer of Hope?

With users unable to withdraw funds for nearly a month, the exchange’s latest move has sparked speculation that withdrawals could resume soon. While WazirX did not provide a specific timeline, they emphasized that the safety of crypto assets remains their top priority. The migration to new wallets is expected to be a precursor to reinstating full platform functionality, including user withdrawals.

Backlash and Future Steps Nischal Shetty and WazirX have faced significant criticism from users and the broader crypto community due to the prolonged suspension of withdrawals. However, the recent actions indicate that the exchange is taking steps to mitigate the damage and restore trust.

Might interest you: WazirX Poll Explained: Impact on Users, Tax Implications, Withdrawal Limits

The native token of the exchange, WRX, has continued to trade in line with broader market trends, though investor sentiment remains cautious as the situation develops.

As WazirX completes the migration and strengthens its security, users are hopeful that the exchange will soon allow withdrawals, marking a significant step toward recovery from the hack.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post WazirX Hack Update: Withdrawals Expected Soon appeared first on Coin Engineer.

The WazirX Poll Options

1. Access 55% of Your Funds Without Withdrawals, First Priority to Potential Recovery Proceeds:

This option allows users to access 55% of their portfolio without the ability to withdraw these funds immediately. The remaining 45% will be converted into Tether (USDT) or other tokens available with the Indian exchange. Users choosing this option will have priority when potential recovery proceeds are distributed.

2. Access 55% of Your Funds With Withdrawals, Second Priority to Potential Recovery Proceeds:

This option enables users to access and withdraw 55% of their portfolio. The token conversion applies here as well. Users opting for this will have second priority in receiving any potential recovery proceeds.

Poll results, updated every 15 minutes, are intended to guide WazirX’s final decision. The exchange will consider the poll’s outcome, ongoing investigations, platform liquidity, and evolving circumstances. Currently, the majority of users prefer the second option as they want speedy withdrawals.

How Will It Impact Users?

Users face several challenges due to the hack and the subsequent poll options.

1. Snapshot Date Controversy:

The snapshot for valuing user portfolios is set for July 21, three days post-hack. Critics argue this is unfair as WazirX continued to allow deposits and trading after halting withdrawals on July 18. This allowed ‘illegal’ trading, as WazirX did not have the token backing for these transactions due to the loss of 45% of user funds. Moreover, prices plummeted due to panic selling as people sold their crypto for INR after knowing that the fiat reserve was unaffected. This panic situation led to further losses.

2. Replacement of Stolen Tokens:

Users will receive a basket of tokens equivalent in value to their stolen tokens based on average prices from CoinMarketCap and select global exchanges as of July 21, 2024, at 8:30 p.m. IST. This replacement ensures users can access the value of their stolen tokens but does not address the issue of the snapshot date.

Tax Implications:

The tax implications for users are complex. Accessing and potentially withdrawing the converted tokens might trigger tax events, depending on the user’s jurisdiction. Users must consult tax professionals to understand their specific obligations, particularly regarding capital gains or losses from the converted tokens.

Withdrawal Limits:

The withdrawal limits depend on the option chosen by users. Those opting for immediate access and withdrawals (second option) may face limits imposed by WazirX based on ongoing liquidity and recovery efforts. Users must stay informed about any updates from the exchange regarding these limits.

Significance of the August 3 Deadline:

The August 3 deadline is critical as it marks the cut-off for users to make their choice in the poll. The outcome will shape WazirX’s final decision on fund recovery and distribution, influencing the immediate financial recovery of its users.

WazirX poll presents users with tough choices in the wake of a significant hack. The options available, along with their respective implications, underscore the challenges faced by the exchange and its users as they navigate this crisis.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post WazirX Poll Explained: Impact on Users, Tax Implications, Withdrawal Limits appeared first on Coin Engineer.

Impact on Collaterals and User Safety

WazirX noted in an X news post, “The cyber attack theft has impacted our ability to maintain 1:1 collaterals with assets, and we have temporarily paused trading.” At the moment, WazirX’s wallets had millions of MATIC tokens, PEPE tokens, USDT tokens, GALA tokens, and Shiba Inu tokens valued at almost $100 million. Since most of the stolen assets have been turned into ether, the hacker—who evidence points to may be the North Korean state-sponsored Lazarus Group—has gone silent.

Bounty Program and ZachXBT’s Involvement

Inviting cybersecurity and blockchain professionals to “join this critical mission and protect the integrity of the crypto ecosystem,” WazirX also revealed the creation of a bounty program for help with locating, freezing, or returning the cash. Originally offering 5% of the recovered money as an incentive for helping with its complete return, the company then upped the prize to 10% based on comments from blockchain detective ZachXBT, per their post. For “actionable intelligence that leads to the freezing of the funds,” the corporation is also providing “up to $10,000 worth of USDT.” Though that period may change, the program will run for three months.

Rarity of Recoveries from Lazarus Group

If it is actually Lazarus Group, then “$10 million bounty means nothing since they are not going to merely hand over the money or be discovered and legally liable. 5% is less than the 10%+ industry average,” ZachXBT noted. Writing, “I do not have the resources to follow a potential Lazarus group hack like this 24/7 as it requires many hours,” ZachXBT also clarified, stating he himself would not be helping with the probe. Recoveries from hacks involving the Lazarus Group are remarkably rare, as ZachXBT observed. Chainalysis highlighted that it was the first time money connected to North Korea’s hacking outfit had been captured when $30 million was recovered in September 2022 from the infamous Lazarus outfit-linked $600 million hack of the Axie Infinity Ronin Bridge. Though not all hope is lost for WazirX, “We’re confident it won’t be the last,” Erin Plante, senior director of investigations at Chainalysis, stated at the time.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post WazirX Freezes Trading Following Major Hack appeared first on Coin Engineer.

Details of the WazirX Attack

The attack targeted a multisig wallet used by WazirX, which had employed Liminal’s digital asset custody and wallet infrastructure since February 2023. The wallet required six signatories—one from Liminal and five from WazirX—to approve transactions, enhancing security through multiple layers of approval.

Might interest you: Cryptocurrency Exchange WazirX Suffers $234 Million Hack

The breach occurred due to discrepancies between the data displayed on Liminal’s interface and the actual transaction contents. Hackers managed to exploit these discrepancies by replacing the payload, allowing them to gain control of the multisig wallet and steal the funds.

Despite using robust security measures, including the Gnosis Safe multisig smart contract platform and a whitelisting policy, the attack managed to bypass these defenses. The Liminal Custody team confirmed to Cointelegraph that their platform was not breached and that all WazirX wallets created on the Liminal platform remain secure. The malicious transactions were executed from outside Liminal’s infrastructure.

India’s Regulatory Landscape

Joanna Cheng, associate general counsel at Fireblocks, highlighted the regulatory challenges faced by the Indian crypto industry. She pointed out the absence of specific guidelines for security measures, risk management, and consumer protection in India.

Cheng noted, “There is no crypto-specific regulation in India so far […] Regulatory intervention in this space would also mean that exchanges that service large numbers of retail customers are held accountable for their actions (or inaction).”

In response to the regulatory gaps, Indian Prime Minister Narendra Modi called for a global crypto framework at the G20 Summit in August 2023. Modi emphasized the global impact of emerging technologies like blockchain and cryptocurrencies and advocated for a comprehensive global regulatory framework.

WazirX’s Response and Recovery Efforts

On July 18, WazirX addressed the community via a post on X, detailing the breach and assuring stakeholders that efforts are underway to recover the stolen assets. The exchange described the attack as a “force majeure event,” explaining that despite taking “all necessary steps to protect customer assets,” the theft still occurred.

Joanna Cheng discussed WazirX’s invocation of a force majeure clause, which typically excuses parties from fulfilling contractual obligations due to unforeseen events. However, she noted that if the event was foreseeable and could have been avoided or mitigated with reasonable measures, the clause might not be applicable.

WazirX is currently collaborating with cybersecurity teams to locate and recover the stolen funds and has promised to keep the community updated with further developments. The incident highlights the ongoing challenges in securing digital assets and the need for robust regulatory frameworks to address such vulnerabilities.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post WazirX Hack: Analyzing the $230M Attack appeared first on Coin Engineer.

Lookonchain said in the X post that the hacker has swapped the money for 43,800 ETH ($149.46 million) and has about 59,097 ETH. Remaining in Dent, Chromia, Celer Network, and Frontier tokens, the wallet has almost $15 million worth of cryptocurrencies.

Lookonchain said, “It is worth noting that the WazirX exploiter deposited 7.7 million $Dent ($7.3K) to a Binance deposit address that has not been used before.”

Targeting its multisignature wallet on the Ethereum network, the Indian crypto exchange experienced a $230 million hack on Thursday. Among the over 200 different crypto assets stolen were Shiba Inu, Ethereum, Polygon, and PePe memecoin.

Since then, WazirX has stopped all withdrawals after acknowledging the security issue and characterizing the incident as a “force majeure event” outside its influence.

Another blockchain analytics company, Elliptic, claimed in a paper that on-chain evidence points to hackers connected to North Korea having carried out the vulnerability.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post WazirX Hacker Moves Stolen $230M to Ethereum appeared first on Coin Engineer.