WazirX, one of India’s prominent cryptocurrency exchanges, has fallen victim to a staggering hack resulting in the loss of $235 million, marking one of the largest crypto heists of the year. The breach was initially flagged by web 3 security firm Cyvers Alert, which detected suspicious transactions from WazirX’s Safe Multisig wallet on the Ethereum blockchain.
What’s particularly alarming is that the hacker swiftly initiated the sale of the stolen funds, yet WazirX has remained notably silent on the security of user funds despite acknowledging the breach. Nearly $234.9 million, originally held in the Safe Multisig wallet, was transferred to a new wallet with every transaction obfuscated through Tornado Cash. The attacker promptly converted the pilfered assets, including Tether (USDT), Pepe (PEPE), and Gala (GALA), into Ether (ETH).
Crypto analyst ZachXBT reported via his Telegram channel that the primary hacker retains control over $104 million, still holding substantial amounts of SHIB and FLOKI tokens valued at over $100 million and $4.7 million, respectively, which have yet to be liquidated.
In response, WazirX took to X (formerly Twitter), asserting ongoing efforts to identify the perpetrator who accessed their multisig wallets and attempting to recover users’ assets. The exchange has taken precautionary measures by halting all cryptocurrency and Indian Rupee (INR) withdrawals to prevent further losses.
Despite these assurances, users remain apprehensive as WazirX has not provided definitive assurances regarding the security of their funds. The incident underscores the persistent vulnerabilities within cryptocurrency exchanges and the imperative for robust security measures to safeguard user assets from increasingly sophisticated cyber threats.