A recent investigation by Boring Sleuth mainly compared WazirX's initial report on the incident with the actual on-chain data for the multi-sig wallet address that was used. Several alarming discrepancies emerged:
Misleading multi-sig security claims
WazirX claimed that, for transactions to be processed in their multi-sig wallet, three signatures from WazirX executives and the final signatory permission from Liminal were mandatory. In reality, the setup requires four signatures out of six approved addresses.
This was an obvious sign of either inaccurate information about their own security measures or a complete lack of understanding of what their security policy was.
Compromised multi-sig setup
Digging further into the case, it was discovered that four out of the five multi-sig addresses shared a single set-up and funding. This implied that a single person might have had control of all the five addresses, which runs contrary to the purpose of a multisig: decentralizing control in case one key is leaked to the wrong individuals.
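The two checks described above (stated policy versus on-chain threshold, and signer independence judged by shared funding) can be expressed as a small audit. This is an added example, not code from the investigation; the signer and funder labels are constructed placeholders, and it assumes a plain m-of-n threshold with no per-signer requirement.

```python
from collections import defaultdict

# Constructed sample data: placeholder labels, not real on-chain addresses.
THRESHOLD = 4  # on-chain: four signatures out of six approved addresses
FIRST_FUNDER = {  # signer -> address that first funded it (assumed heuristic)
    "signer_1": "funder_A", "signer_2": "funder_A",
    "signer_3": "funder_A", "signer_4": "funder_A",
    "signer_5": "funder_B", "signer_6_custodian": "funder_C",
}

def cluster_by_funder(first_funder):
    """Group signers that share the same first funding address."""
    clusters = defaultdict(list)
    for signer, funder in first_funder.items():
        clusters[funder].append(signer)
    return dict(clusters)

def parties_needed(threshold, clusters):
    """Fewest funding clusters whose signers together reach the threshold.

    A result below the threshold means the wallet is less decentralized
    than its m-of-n configuration suggests. Returns None if unreachable.
    """
    total = 0
    sizes = sorted((len(s) for s in clusters.values()), reverse=True)
    for parties, size in enumerate(sizes, start=1):
        total += size
        if total >= threshold:
            return parties
    return None

def bypassable(threshold, signers, mandatory):
    """True if the threshold can be met without the 'mandatory' signers."""
    return len(set(signers) - set(mandatory)) >= threshold

def audit(threshold, first_funder, mandatory):
    clusters = cluster_by_funder(first_funder)
    return {
        "largest_cluster": max(len(v) for v in clusters.values()),
        "parties_needed": parties_needed(threshold, clusters),
        "mandatory_signer_bypassable": bypassable(threshold, first_funder, mandatory),
    }

if __name__ == "__main__":
    print(audit(THRESHOLD, FIRST_FUNDER, {"signer_6_custodian"}))
```

With this sample, one funding cluster alone reaches the threshold, and the threshold can be met without the signer the stated policy called mandatory.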
Pertains to the Binance connection
Ignored warnings
Deflecting blame
WazirX tried to pin the blame on Liminal when, in fact, the latter managed only one of the six signatures in total, while the other five belonged to WazirX. This deflection seemed rather unconvincing in light of who actually held control at the time, and it only served to intensify the lack of trust in the exchange.
The investigation led by Boring Sleuth shows that there are numerous vulnerabilities in WazirX’s security and that there is a high likelihood of dishonesty. It is now WazirX’s responsibility to clear the doubts of their users and return funds safely.