Indian Crypto Exchange WazirX Confirms Multisig Wallet Security Breach, Loses $235 Million

• India’s cryptocurrency platform WazirX announced one of its multisig wallets had suffered a security breach.
• The crypto firm noticed a suspicious transfer worth almost $235 million in assets and started an inquiry into the incident.
• The multiple transactions on the Ethereum network moved the funds to a new address.

Indian crypto exchange WazirX confirmed it had suffered a multisig wallet security breach after almost $235 million in assets were suspiciously transferred out of the platform and to a new address earlier on Thursday. WazirX reported holdings of just above $502 million in its latest 'Proof of Reserve' report, so this amount is almost half of its assets.

WazirX said one of its Liminal multisig wallets had suffered a security breach – wallets that require two or more private keys for authentication. The company said their team is actively investigating the security incident and working on the matter, temporarily pausing INR and crypto withdrawals as a precaution.

Web3 security firm Cyvers announced on X today that they detected multiple suspicious transactions involving WazirX’s Safe Multisig wallet on the Ethereum network, which resulted in $234.9 million being moved to a new address. 

The suspicious address has already swapped Pepe and Gala tokens and USDT to Etherium and continues to do so with other digital assets, as per the report, with each transaction’s caller funded by the fully decentralized protocol for private transactions on Ethereum, Tornado Cash.

Third-party blockchain explorer Lookchain reported that SHIB tokens worth $102 million, over 15k Ethereum tokens, 20.5 million Matic tokens, 640.27 billion Pepe tokens, 5.79 million USDT, and 135 million Gala tokens were transferred out of the platform.

Reports say that blockchain data suggests the attackers are trying to offload the assets using the decentralized exchange Uniswap.

WazirX separated from Binance in early 2023 after their public fallout in 2022 over the ownership of the Indian firm. In January, India’s Financial Intelligence Unit (FUI) blocked URLs of several foreign crypto exchanges for failing to comply with local anti-money-laundering policies, including Binance.