{"id":25442,"date":"2024-07-19T18:30:21","date_gmt":"2024-07-19T15:30:21","guid":{"rendered":"https:\/\/coinengineer.io\/?p=25442"},"modified":"2024-07-19T17:05:35","modified_gmt":"2024-07-19T14:05:35","slug":"wazirx-hack-analyzing-the-230m-attack","status":"publish","type":"post","link":"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/","title":{"rendered":"WazirX Hack: Analyzing the $230M Attack"},"content":{"rendered":"<p>The WazirX breach, one of the largest cyberattacks of the year, resulted in the loss of over $230 million from a multisig wallet. The incident underscores the vulnerabilities inherent in multisig wallets, even with stringent security measures in place.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_71 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/#Details_of_the_WazirX_Attack\" title=\"Details of the WazirX Attack\">Details of the WazirX Attack<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/#Indias_Regulatory_Landscape\" title=\"India\u2019s Regulatory Landscape\">India\u2019s Regulatory Landscape<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/#WazirXs_Response_and_Recovery_Efforts\" title=\"WazirX\u2019s Response and Recovery Efforts\">WazirX\u2019s Response and Recovery Efforts<\/a><\/li><\/ul><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Details_of_the_WazirX_Attack\"><\/span>Details of the WazirX Attack<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The attack targeted a multisig wallet used by WazirX, which had employed Liminal\u2019s digital asset custody and wallet infrastructure since February 2023. The wallet required six signatories\u2014one from Liminal and five from WazirX\u2014to approve transactions, enhancing security through multiple layers of approval.<\/p>\n<p><em>Might interest you: <a href=\"https:\/\/coinengineer.net\/blog\/breaking-cryptocurrency-exchange-wazirx-suffers-234-million-hack\/\">Cryptocurrency Exchange WazirX Suffers $234 Million Hack<\/a><\/em><\/p>\n<p>The breach occurred due to discrepancies between the data displayed on Liminal\u2019s interface and the actual transaction contents. Hackers managed to exploit these discrepancies by replacing the payload, allowing them to gain control of the multisig wallet and steal the funds.<\/p>\n<p>Despite using robust security measures, including the Gnosis Safe multisig smart contract platform and a whitelisting policy, the attack managed to bypass these defenses. The Liminal Custody team confirmed to Cointelegraph that their platform was not breached and that all WazirX wallets created on the Liminal platform remain secure. The malicious transactions were executed from outside Liminal\u2019s infrastructure.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Indias_Regulatory_Landscape\"><\/span>India\u2019s Regulatory Landscape<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Joanna Cheng, associate general counsel at Fireblocks, highlighted the regulatory challenges faced by the Indian crypto industry. She pointed out the absence of specific guidelines for security measures, risk management, and consumer protection in India.<\/p>\n<p>Cheng noted, \u201cThere is no crypto-specific regulation in India so far [&#8230;] Regulatory intervention in this space would also mean that exchanges that service large numbers of retail customers are held accountable for their actions (or inaction).\u201d<\/p>\n<p>In response to the regulatory gaps, Indian Prime Minister Narendra Modi called for a global crypto framework at the G20 Summit in August 2023. Modi emphasized the global impact of emerging technologies like blockchain and cryptocurrencies and advocated for a comprehensive global regulatory framework.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"WazirXs_Response_and_Recovery_Efforts\"><\/span>WazirX\u2019s Response and Recovery Efforts<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>On July 18, WazirX addressed the community via a post on X, detailing the breach and assuring stakeholders that efforts are underway to recover the stolen assets. The exchange described the attack as a &#8220;force majeure event,&#8221; explaining that despite taking &#8220;all necessary steps to protect customer assets,&#8221; the theft still occurred.<\/p>\n<p>Joanna Cheng discussed WazirX\u2019s invocation of a force majeure clause, which typically excuses parties from fulfilling contractual obligations due to unforeseen events. However, she noted that if the event was foreseeable and could have been avoided or mitigated with reasonable measures, the clause might not be applicable.<\/p>\n<p>WazirX is currently collaborating with cybersecurity teams to locate and recover the stolen funds and has promised to keep the community updated with further developments. The incident highlights the ongoing challenges in securing digital assets and the need for robust regulatory frameworks to address such vulnerabilities.<\/p>\n<hr \/>\n<p><em>You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don\u2019t forget to follow us on our\u00a0<a href=\"https:\/\/t.me\/coinengineernews\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Telegram,\u00a0<\/strong><\/a><a href=\"https:\/\/www.youtube.com\/@CoinEngineer\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>YouTube<\/strong><\/a>,\u00a0and\u00a0<a href=\"https:\/\/twitter.com\/coinengineers\"><strong>Twitter<\/strong><\/a>\u00a0channels for the latest news and updates.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The WazirX breach, one of the largest cyberattacks of the year, resulted in the loss of over $230 million from a multisig wallet. The incident underscores the vulnerabilities inherent in multisig wallets, even with stringent security measures in place. Details of the WazirX Attack The attack targeted a multisig wallet used by WazirX, which had<\/p>\n","protected":false},"author":6,"featured_media":25396,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,2],"tags":[7464,7507,7465],"class_list":["post-25442","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-exchange-news","category-news","tag-wazirx","tag-wazirx-crypto-hack","tag-wazirx-hack"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>WazirX Hack: Analyzing the $230M Attack - Coin Engineer<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WazirX Hack: Analyzing the $230M Attack - Coin Engineer\" \/>\n<meta property=\"og:description\" content=\"The WazirX breach, one of the largest cyberattacks of the year, resulted in the loss of over $230 million from a multisig wallet. The incident underscores the vulnerabilities inherent in multisig wallets, even with stringent security measures in place. Details of the WazirX Attack The attack targeted a multisig wallet used by WazirX, which had\" \/>\n<meta property=\"og:url\" content=\"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"Coin Engineer\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-19T15:30:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-19T14:05:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/07\/wazirx-1721291019573-16_9.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2240\" \/>\n\t<meta property=\"og:image:height\" content=\"1260\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Tanju Akb\u0131y\u0131k\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tanju Akb\u0131y\u0131k\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/\",\"url\":\"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/\",\"name\":\"WazirX Hack: Analyzing the $230M Attack - Coin Engineer\",\"isPartOf\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/07\/wazirx-1721291019573-16_9.webp\",\"datePublished\":\"2024-07-19T15:30:21+00:00\",\"dateModified\":\"2024-07-19T14:05:35+00:00\",\"author\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546\"},\"breadcrumb\":{\"@id\":\"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/#primaryimage\",\"url\":\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/07\/wazirx-1721291019573-16_9.webp\",\"contentUrl\":\"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/07\/wazirx-1721291019573-16_9.webp\",\"width\":2240,\"height\":1260,\"caption\":\"WazirX\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/coinengineer.net\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WazirX Hack: Analyzing the $230M Attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/coinengineer.net\/blog\/#website\",\"url\":\"https:\/\/coinengineer.net\/blog\/\",\"name\":\"Coin Engineer\",\"description\":\"Btc, Coins, Pre-Sale, DeFi, NFT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/coinengineer.net\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546\",\"name\":\"Tanju Akb\u0131y\u0131k\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g\",\"caption\":\"Tanju Akb\u0131y\u0131k\"},\"url\":\"https:\/\/coinengineer.net\/blog\/author\/cetanju\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"WazirX Hack: Analyzing the $230M Attack - Coin Engineer","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/","og_locale":"en_US","og_type":"article","og_title":"WazirX Hack: Analyzing the $230M Attack - Coin Engineer","og_description":"The WazirX breach, one of the largest cyberattacks of the year, resulted in the loss of over $230 million from a multisig wallet. The incident underscores the vulnerabilities inherent in multisig wallets, even with stringent security measures in place. Details of the WazirX Attack The attack targeted a multisig wallet used by WazirX, which had","og_url":"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/","og_site_name":"Coin Engineer","article_published_time":"2024-07-19T15:30:21+00:00","article_modified_time":"2024-07-19T14:05:35+00:00","og_image":[{"width":2240,"height":1260,"url":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/07\/wazirx-1721291019573-16_9.webp","type":"image\/webp"}],"author":"Tanju Akb\u0131y\u0131k","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Tanju Akb\u0131y\u0131k","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/","url":"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/","name":"WazirX Hack: Analyzing the $230M Attack - Coin Engineer","isPartOf":{"@id":"https:\/\/coinengineer.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/#primaryimage"},"image":{"@id":"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/07\/wazirx-1721291019573-16_9.webp","datePublished":"2024-07-19T15:30:21+00:00","dateModified":"2024-07-19T14:05:35+00:00","author":{"@id":"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546"},"breadcrumb":{"@id":"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/#primaryimage","url":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/07\/wazirx-1721291019573-16_9.webp","contentUrl":"https:\/\/coinengineer.net\/blog\/wp-content\/uploads\/2024\/07\/wazirx-1721291019573-16_9.webp","width":2240,"height":1260,"caption":"WazirX"},{"@type":"BreadcrumbList","@id":"https:\/\/coinengineer.net\/blog\/wazirx-hack-analyzing-the-230m-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/coinengineer.net\/blog\/"},{"@type":"ListItem","position":2,"name":"WazirX Hack: Analyzing the $230M Attack"}]},{"@type":"WebSite","@id":"https:\/\/coinengineer.net\/blog\/#website","url":"https:\/\/coinengineer.net\/blog\/","name":"Coin Engineer","description":"Btc, Coins, Pre-Sale, DeFi, NFT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/coinengineer.net\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/286f3a00b45c1661961e40ff0a1c7546","name":"Tanju Akb\u0131y\u0131k","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/coinengineer.net\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a027c5acae1ab2c3649244f87d705ac7ee359dd7e3222b84cb1d32ba3a8d2e18?s=96&d=mm&r=g","caption":"Tanju Akb\u0131y\u0131k"},"url":"https:\/\/coinengineer.net\/blog\/author\/cetanju\/"}]}},"_links":{"self":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts\/25442","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/comments?post=25442"}],"version-history":[{"count":3,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts\/25442\/revisions"}],"predecessor-version":[{"id":25445,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/posts\/25442\/revisions\/25445"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/media\/25396"}],"wp:attachment":[{"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/media?parent=25442"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/categories?post=25442"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinengineer.net\/blog\/wp-json\/wp\/v2\/tags?post=25442"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}