Investigating the WazirX Hack and Flow of Funds
Prachi Pandey
WazirX, a leading Indian cryptocurrency exchange catering primarily to the domestic market, suffered a major security breach on July 18th, 2024. Hackers managed to siphon off more than $234.74 million worth of crypto assets in over 190 different tokens.
WazirX Responds and Pauses Withdrawals
WazirX acknowledged the breach via a post on X (formerly Twitter), stating that its team is actively investigating the incident. To safeguard user assets, the exchange has temporarily halted INR and crypto withdrawals.
WazirX acknowledged the security breach through a post on X (formerly Twitter)
According to the post, WazirX used a multi-sig wallet for increased security. This wallet required six signatures for any transaction to proceed. Five signatories belonged to the WazirX team, while the sixth was from a partner company, Liminal, whose role was to verify transactions. However, the attackers managed to exploit a critical security gap, bypassing these safeguards and gaining control of the platform's wallet.
Merkle Science’s Flow of Funds Analysis
Merkle Science’s blockchain forensics tool ‘Tracker’ visualizes the flow of funds
The attackers made away with a diverse range of cryptocurrencies, including popular tokens like:
- MATIC: $11,166,889.57
- SHIBA: $97,264,169.13
- ETH: $52,975,393.96
Full list of stolen assets here.
While the bulk of the stolen funds has not been moved significantly yet, large deposits are being made to a prominent algorithmic trading platform, a firm with a controversial past. This platform has reportedly received funds from attackers behind numerous other crypto hacks, including the Peapods exploit, the AI Protocol User exploit, and the Poloniex hack. This connection raises suspicions that the deposits are part of a money laundering effort.
A small portion of the funds (~$7,500) was relayed to a prominent KYC-compliant exchange, while roughly $107K was transferred to a non-custodial instant crypto swap service that also has a history of receiving funds from illicit sources such as malware, exploits, sanctioned entities (Tornado Cash), and entities in high-risk jurisdictions.
The attackers reportedly converted the stolen crypto assets using various decentralized services, a tactic often employed for obfuscating the trail of stolen funds.
The Merkle Science security system has already tagged the wallets associated with the WazirX hack as "high-risk". This triggers a flagging process that extends to any address with direct or indirect exposure to these compromised wallets. The specific alerts generated are tailored to your organization's established risk management protocols.
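To make the "direct or indirect exposure" flagging concrete, the following is an added example written for this article; it is not Merkle Science's Tracker code and does not use the real WazirX addresses. It builds a small constructed transfer graph with placeholder addresses, seeds it with two wallets tagged high-risk, walks outgoing transfers breadth-first to assign each downstream address a hop count (1 = direct exposure, 2 or more = indirect), and then applies a hypothetical organisation policy (`max_hops` and an amount floor for indirect alerts) to decide which transfers produce alerts.

```python
from collections import deque

# Constructed sample transfer graph: (from_address, to_address, amount_usd).
# Every address below is a placeholder label, not a real on-chain address,
# and the amounts are illustrative only.
SAMPLE_TRANSFERS = [
    ("0xHACK_WALLET_A", "0xHACK_WALLET_B", 50_000_000.0),
    ("0xHACK_WALLET_B", "0xTRADING_PLATFORM", 20_000_000.0),
    ("0xHACK_WALLET_B", "0xSWAP_SERVICE", 107_000.0),
    ("0xHACK_WALLET_A", "0xKYC_EXCHANGE", 7_500.0),
    ("0xSWAP_SERVICE", "0xDOWNSTREAM_USER", 1_000.0),
    ("0xUNRELATED_1", "0xUNRELATED_2", 500.0),
    ("0xKYC_EXCHANGE", "0xUNRELATED_2", 50.0),
]

# Addresses tagged high-risk by the investigation (hop 0).
SEED_HIGH_RISK = {"0xHACK_WALLET_A", "0xHACK_WALLET_B"}

# Hypothetical organisation policy: how far exposure propagates and the
# smallest indirect transfer worth alerting on. Direct exposure always alerts.
DEFAULT_POLICY = {"max_hops": 3, "indirect_min_usd": 1_000.0}


def build_graph(transfers):
    """Adjacency list of outgoing transfers keyed by sender."""
    graph = {}
    for src, dst, amt in transfers:
        graph.setdefault(src, []).append((dst, amt))
    return graph


def compute_exposure(transfers, seeds, max_hops=3):
    """Breadth-first walk from the seed wallets along outgoing transfers.

    Returns {address: hops}, where hops is the shortest path from a seed:
    0 = seed itself, 1 = direct exposure, 2..max_hops = indirect exposure.
    Addresses that never receive funds from the seeds are absent.
    """
    graph = build_graph(transfers)
    exposure = {s: 0 for s in seeds}
    queue = deque((s, 0) for s in seeds)
    while queue:
        addr, hops = queue.popleft()
        if hops >= max_hops:
            continue  # do not expand beyond the policy's propagation depth
        for nxt, _amt in graph.get(addr, []):
            if nxt not in exposure:  # BFS: the first visit is the shortest path
                exposure[nxt] = hops + 1
                queue.append((nxt, hops + 1))
    return exposure


def generate_alerts(transfers, seeds, policy=DEFAULT_POLICY):
    """One alert per transfer that carries exposure onto a non-seed address.

    Direct exposure (received straight from a seed) always alerts; indirect
    exposure alerts only when the transfer meets the policy's amount floor.
    """
    exposure = compute_exposure(transfers, seeds, policy["max_hops"])
    alerts = []
    for src, dst, amt in transfers:
        if src not in exposure or dst in seeds:
            continue
        hops = exposure[src] + 1
        if hops > policy["max_hops"]:
            continue
        level = "direct" if hops == 1 else "indirect"
        if level == "indirect" and amt < policy["indirect_min_usd"]:
            continue
        alerts.append({"address": dst, "level": level, "hops": hops,
                       "from": src, "amount_usd": amt})
    return alerts


if __name__ == "__main__":
    for alert in generate_alerts(SAMPLE_TRANSFERS, SEED_HIGH_RISK):
        print(f"{alert['level']:8} hop={alert['hops']} {alert['address']} "
              f"<- {alert['from']} ${alert['amount_usd']:,.2f}")
```

With the constructed data, the trading platform, the swap service and the KYC exchange are flagged as directly exposed, the downstream user of the swap service is flagged as indirectly exposed, and the $50 transfer from the KYC exchange to an unrelated address is suppressed by the indirect amount floor; lowering `max_hops` to 1 restricts flagging to direct exposure only. A production system would also weight exposure by the share of tainted funds in each transfer rather than hop count alone, which this example deliberately leaves out.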
What This Means for Indian Crypto Users
WazirX is one of the few Financial Intelligence Unit (FIU) registered exchanges in India, allowing Indian citizens to trade crypto legally. This incident highlights the importance of effective security measures for Indian crypto exchanges and serves as a reminder for users to be extra vigilant going ahead.