India's largest crypto exchange WazirX robbed of 235 million dollars
Attackers are said to have manipulated the display of bank transfers. WazirX sent the perpetrators a lot of crypto coins. Customers have to wait.
(Image: LightField Studios/Shutterstock.com)
WazirX, the largest cryptocurrency exchange in the world's most populous country, has imposed a payout freeze. This is because false transfers were foisted on WazirX, meaning that crypto coins with a market value of around 235 million dollars were missing in one fell swoop. This corresponds to almost half of the exchange's crypto holdings. Experts such as Elliptic and zachxbt have found indications that North Korean agents helped themselves to the treasure.
According to preliminary findings by WazirX, the attack was carried out via the user interface of an external service for confirming crypto transactions. Transfers that WazirX wanted to carry out were displayed on the screen, but in fact completely different transactions were stored in the system and then confirmed by WazirX. Coins of various cryptocurrencies were stolen, with Shiba Inu and Ethereum accounting for the largest chunks. The perpetrators immediately exchanged the loot for Ethereum, which caused the price of Shiba Inu to fall by around ten percent. They then fed the Ethereum through the Tornado Cash crypto scrubber.
Remaining assets unknown
WazirX speaks of "force majeure": the company claims to have taken all conceivable precautions. As a rule, three out of five designated WazirX employees had to confirm such transfers (using hardware wallets), after which the service provider Liminal also had to approve them. In addition, it was planned that transfers would only be permitted to certain predetermined wallets (whitelist).
"Although we have taken all necessary steps to protect customer balances, it appears that the attackers may have overcome such security measures and the theft has occurred," writes WazirX. "We are turning over every stone to find and recover the (crypto coins). We are in touch with the best resources that can help us in this effort."
As recently as June, WazirX proudly announced it had around 504 million USDT in reserves, which was slightly more than the sum of its customer balances. USDT are units of the US dollar variant of the Tether stablecoin at approximate parity with the US dollar. At the time, interested parties could view the live status of the WazirX reserves online at any time. Now this website is offline "for maintenance work", which does not exactly boost confidence in the exchange. It remains to be seen where the money for the full payout of customer balances will come from.
(ds)