In the attack that occurred yesterday, which Elliptic claims was carried out by hackers based in North Korea, WazirX lost more than $230 million in funds.
Cybersecurity firm Elliptic has attributed North Korean actors to the attack that resulted in WazirX, India's largest crypto exchange, losing more than $230 million.
In the meantime, WazirX has published its own analysis of the exploit in a preliminary incident report dated July 18 and announced on Twitter on Friday morning that it has filed a report with the police.
WazirX made sense of in its report that the episode saw one of the company's multi-signature wallets send assets to a non-whitelisted address. The company claims that this occurred because Liminal, a multi-signature asset custody platform, displayed a whitelisted address on the user interface, despite the fact that the funds were actually being sent to a different address.
The latest: We have filed a police complaint and are taking additional legal action in response to the cyberattack. As we move forward, we will keep the community informed.
WazirX's multi-signature wallets were developed "outside of the Liminal ecosystem," according to the Liminal team. "Liminal's platform is not breached and Liminal's infrastructure, wallets, and assets continue to remain safe," the team stated in its own Twitter report.
This seems to indicate that the client device used to access Liminal's multi-signature asset management platform may have been compromised in order to display an incorrect address. However, WazirX asserts that Liminal "earmarked and facilitated on the interface" the "whitelisted addresses."
Update: Our primer examinations show that one of the self guardianship multi-sig savvy contract wallets made beyond the Liminal environment has been compromised. We are able to confirm that Liminal's infrastructure, wallets, and assets have not been compromised, as well as its platform. WazirX stated in its report that the attack was caused by "a discrepancy between the data displayed on Liminal’s interface and the actual contents of the transaction." According to the cryptocurrency exchange, there was a discrepancy between the signed document and the information on Liminal's interface.
WazirX wrote, "We suspect the payload was replaced in order to transfer wallet control to an attacker."
The exchange appears to suggest that the custody service provider did not approve a transaction with their multisignature address to an address that is not on the whitelist. However, the report from Liminal suggests that the multisignature wallet itself was compromised and that it was created outside of the company's control, putting the blame squarely on the exchange.
When Decrypt inquired for clarification, neither Liminal nor WazirX provided an immediate response.
The loss, according to Elliptic, is approximately $235 million and encompasses more than 200 distinct assets. This includes Shiba Inu (SHIB) worth approximately $97 million, Ethereum (ETH) worth $52.6 million, Polygon (MATIC) worth $11 million, and Pepe (PEPE) worth $7.6 million.
A number of decentralized exchanges were used to exchange some of those assets for ETH, which was expected to be the first step in laundering hack proceeds. Elliptic wrote, "Based on on-chain analysis and other information analyzed, this hack was carried out by North Korean hackers."
Decrypt inquired for clarification, but Alejandro Cao de Benos de Les Perez, the DPRK Special Representative of the Foreign Ministry, did not immediately respond.
Cybersecurity firm Elliptic has attributed North Korean actors to the attack that resulted in WazirX, India's largest crypto exchange, losing more than $230 million.
In the meantime, WazirX has published its own analysis of the exploit in a preliminary incident report dated July 18 and announced on Twitter on Friday morning that it has filed a report with the police.
WazirX made sense of in its report that the episode saw one of the company's multi-signature wallets send assets to a non-whitelisted address. The company claims that this occurred because Liminal, a multi-signature asset custody platform, displayed a whitelisted address on the user interface, despite the fact that the funds were actually being sent to a different address.
The latest: We have filed a police complaint and are taking additional legal action in response to the cyberattack. As we move forward, we will keep the community informed.
WazirX's multi-signature wallets were developed "outside of the Liminal ecosystem," according to the Liminal team. "Liminal's platform is not breached and Liminal's infrastructure, wallets, and assets continue to remain safe," the team stated in its own Twitter report.
This seems to indicate that the client device used to access Liminal's multi-signature asset management platform may have been compromised in order to display an incorrect address. However, WazirX asserts that Liminal "earmarked and facilitated on the interface" the "whitelisted addresses."
Update: Our primer examinations show that one of the self guardianship multi-sig savvy contract wallets made beyond the Liminal environment has been compromised. We are able to confirm that Liminal's infrastructure, wallets, and assets have not been compromised, as well as its platform. WazirX stated in its report that the attack was caused by "a discrepancy between the data displayed on Liminal’s interface and the actual contents of the transaction." According to the cryptocurrency exchange, there was a discrepancy between the signed document and the information on Liminal's interface.
WazirX wrote, "We suspect the payload was replaced in order to transfer wallet control to an attacker."
The exchange appears to suggest that the custody service provider did not approve a transaction with their multisignature address to an address that is not on the whitelist. However, the report from Liminal suggests that the multisignature wallet itself was compromised and that it was created outside of the company's control, putting the blame squarely on the exchange.
When Decrypt inquired for clarification, neither Liminal nor WazirX provided an immediate response.
The loss, according to Elliptic, is approximately $235 million and encompasses more than 200 distinct assets. This includes Shiba Inu (SHIB) worth approximately $97 million, Ethereum (ETH) worth $52.6 million, Polygon (MATIC) worth $11 million, and Pepe (PEPE) worth $7.6 million.
A number of decentralized exchanges were used to exchange some of those assets for ETH, which was expected to be the first step in laundering hack proceeds. Elliptic wrote, "Based on on-chain analysis and other information analyzed, this hack was carried out by North Korean hackers."
Decrypt inquired for clarification, but Alejandro Cao de Benos de Les Perez, the DPRK Special Representative of the Foreign Ministry, did not immediately respond.
