Token

WazirX

The post <a href="https://coinpedia.org/news/analyzing-the-wazirx-hack-what-went-wrong-and-whos-to-blame/" rel="noopener noreferrer nofollow">Analyzing the WazirX Hack: What Went Wrong and Who’s to Blame?</a> appeared first on <a href="https://coinpedia.org" rel="noopener noreferrer nofollow">Coinpedia Fintech News</a>
WazirX, an Indian exchange, on July 18, 2024,&nbsp; lost more than $230 million of the client’s assets due to a hack. This unfortunate hack has led to more info coming to light after a pseudonymous blockchain analyst Boring Sleuth <a href="https://x.com/BoringSleuth/status/1819144838157422878" target="_blank" rel="noopener noreferrer nofollow">revealed </a>flawed securities and deceptive actions by <a href="https://app.coinpedia.org/company/wazirxindia" target="_blank" class="profile-details" rel="noopener noreferrer nofollow">wazirx</a> <img decoding="async" src="https://image.coinpedia.org/wp-content/uploads/2022/11/10122626/info_icon.svg" alt="information" class="info-icons"> <a href="https://app.coinpedia.org/company/wazirxindia" target="_blank" rel="noopener noreferrer nofollow"><img decoding="async" src="https://image.coinpedia.org/wp-content/uploads/2022/11/09190601/link.svg" alt="link"></a> <a href="http://www.wazirx.com/" target="_blank" rel="noopener noreferrer nofollow"> <img decoding="async" src="https://image.coinpedia.org/app_uploads/profile/1658301823523ewx7atj6re.png" class="company_logo_img" alt="profile company logo" title="profile company logo"></a> wazirx Centralised ExchangeCrypto trading and Information <a href="http://www.wazirx.com/" target="_blank" rel="noopener noreferrer nofollow"><img decoding="async" src="https://image.coinpedia.org/wp-content/uploads/2022/11/10161442/globe.svg" alt="globe icon" title="globe icon"></a> 
A recent investigation by Boring Sleuth mainly involved the contrast of the initial report on the incident by WazirX and actual on-chain data of the utilized multi-sig wallet address. Several alarming discrepancies emerged:
<h2 class="wp-block-heading" id="h-misleading-multi-sig-security-claims">Misleading multi-sig security claims</h2>
WazirX claimed that for the transactions to be processed in their multi-sig wallet, three signatures from WazirX executives and the final signatory permission from Liminal were mandatory. In reality, it is necessary to get four signatures out of six approved addresses for the setup.&nbsp;
This was an obvious sign of either a lack of accurate information on their own security measures or a complete lack of understanding of what their security policy was.
<h3 class="wp-block-heading" id="h-compromised-multi-sig-setup">Compromised multi-sig setup</h3>
By getting more into the case, it was discovered that four out of the five multi-sig addresses had a single set-up and funding. This implied that a single person might have had control of all the five addresses which was going in contrary to the multisig which was set aim at decentralizing controls in case one key was leaked to the wrong individuals.
<h3 class="wp-block-heading" id="h-pertains-to-the-binance-connection">Pertains to the Binance connection</h3>
Analyzing the historical on-chain data, Boring Sleuth identified that WazirX’s main exchange address was previously <a href="https://coinpedia.org/news/wazirx-hack-shocking-revelations-uncover-binance-connection" target="_blank" rel="noopener noreferrer nofollow">connected</a> with Binance. This link created doubts regarding its legitimacy and also the affiliation of WazirX.
<h3 class="wp-block-heading" id="h-ignored-warnings">Ignored warnings</h3>
Addressing the issue on July 6th, which was 12 days before the exploit, Boring Sleuth <a href="https://x.com/BoringSleuth/status/1809660985508261984" rel="noopener noreferrer nofollow">pointed </a>out that similar multi-sig setups were vulnerable in various Layer 2 solutions including WazirX. Nevertheless, no actions were carried out to alter this situation and the given warnings remained just that – warnings.
<h3 class="wp-block-heading" id="h-deflecting-blame">Deflecting blame</h3>
WazirX tried to pin down the blame on Liminal when, in fact, the latter only managed one of the six signatures in total, out of which an incompetent five belonged to WazirX. This deflection seemed rather unconvincing in light of the true control relations at the time, which only served to intensify the lack of trust in the exchange.
The investigation led by Boring Sleuth shows that there are numerous vulnerabilities in WazirX’s security and there is a high likelihood of dishonesty. It is now Wazirx’s responsibility to clear the doubts of their users and return funds safely.
Also Read: <a href="https://coinpedia.org/news/crypto-hack-alert-330k-vanished-in-ball-token-and-lil-hippie-nft-scandal/" target="_blank" rel="noopener noreferrer nofollow">Ball Token Scandal: Lil Hippie NFT Connection Raises Red Flags, Community Outraged!</a>

Analyzing the WazirX Hack: What Went Wrong and Who’s to Blame?

Table of Contents

CoinPedia News

Other articles published on Aug 2, 2024

Solana Price Dips Amid Market Volatility

Crypto Scams on the Rise: Fake Video Conferencing Apps Target Job Seekers for Crypto

Crypto Biz: Stablecoins wave, crypto trading via UAE banks, and more

Hong Kong broker offers new customers deposit bonuses in Bitcoin

Do Kwon To Be Extradited To South Korea After Montenegro Rejects US Bid

Ethereum Whales Boost Holdings

Join our free newsletter for daily crypto updates!