WazirX Hack Update: Indian Crypto Exchange Suffers $230 Million Loss

WazirX 黑客更新：印度加密货币交易所遭受 2.3 亿美元损失

Thursday, July 18, 2024:

2024 年 7 月 18 日星期四：

On Thursday, July 18, 2024, Indian cryptocurrency exchange WazirX was compromised in a devastating security breach. The attack resulted in the theft of over $230 million worth of crypto assets.

2024 年 7 月 18 日星期四，印度加密货币交易所 WazirX 遭遇毁灭性安全漏洞。此次攻击导致价值超过 2.3 亿美元的加密资产被盗。

WazirX Hack: What Happened?

WazirX 黑客攻击：发生了什么？

WazirX announced on their social media platform X that their multisig wallet had been compromised. The wallet was secured using Liminal's digital asset custody and wallet infrastructure.

WazirX 在他们的社交媒体平台 X 上宣布，他们的多重签名钱包已被泄露。该钱包使用 Liminal 的数字资产托管和钱包基础设施进行保护。

Despite security measures, the attackers exploited a discrepancy between the data displayed on Liminal's interface and the transaction contents. This allowed them to gain control over the wallet.

尽管采取了安全措施，攻击者还是利用了 Liminal 界面上显示的数据与交易内容之间的差异。这使他们能够控制钱包。

The breach targeted WazirX's Ethereum multisig wallet, affecting both Ethereum (ETH) and ERC-20 tokens. The attackers stole 15,298 ETH, which they subsequently swapped for other assets, resulting in a total of 59,097 ETH (approximately $218 million).

该漏洞针对的是 WazirX 的以太坊多重签名钱包，影响了以太坊 (ETH) 和 ERC-20 代币。攻击者窃取了 15,298 ETH，随后将其兑换成其他资产，总计 59,097 ETH（约合 2.18 亿美元）。

WazirX's Response and Actions

WazirX 的反应和行动

In response, WazirX swiftly suspended INR and crypto withdrawals to protect remaining assets. They also filed a police complaint and reported the incident to relevant authorities.

作为回应，WazirX 迅速暂停了印度卢比和加密货币提款，以保护剩余资产。他们还向警方投诉并向有关当局报告了这一事件。

WazirX has reached out to over 500 exchanges to block the identified addresses involved in the theft. Other exchanges have also reportedly cooperated with the investigation.

WazirX 已联系 500 多家交易所，以封锁涉及盗窃的已识别地址。据报道，其他交易所也配合了调查。

WazirX and Liminal have blamed each other for security lapses. Liminal claims no compromise of their infrastructure and accuses WazirX of vulnerabilities.

WazirX 和 Liminal 互相指责对方存在安全漏洞。 Liminal 声称其基础设施没有受到损害，并指责 WazirX 存在漏洞。

Recovery Efforts

恢复工作

Recovering the stolen funds is challenging. The hacker's Ethereum holdings have increased significantly through the liquidation of stolen assets. Additionally, they have used Tornado Cash to obscure the funds' origin and destination.

追回被盗资金具有挑战性。通过清算被盗资产，黑客持有的以太坊大幅增加。此外，他们还使用 Tornado Cash 来掩盖资金的来源和目的地。

WazirX is working with forensic experts and law enforcement agencies to track the funds and identify the perpetrators. They have also received support from the crypto community.

WazirX 正在与法医专家和执法机构合作，追踪资金并查明肇事者。他们还得到了加密社区的支持。

Impact on WazirX Investors

对 WazirX 投资者的影响

For WazirX investors, the primary concern is whether they will recover their funds. Key factors influencing the outcome include:

对于 WazirX 投资者来说，最关心的是能否收回资金。影响结果的关键因素包括：

• Tracing and Recovery Efforts: Forensic investigations and collaboration with law enforcement and exchanges are crucial.
• Community Support: The involvement of the crypto community enhances tracing and recovery chances.
• Legal Actions: Legal actions can assist in apprehending perpetrators and recovering funds.
• Compensation Plans: If funds cannot be fully recovered, WazirX may need to create compensation plans for affected investors.
• Use of Tornado Cash: If the stolen assets are transferred to Tornado Cash, recovery may be challenging.
• No Insider Job: WazirX's founder, Nischal Shetty, denies insider involvement, indicating a sophisticated external attack.

追踪和恢复工作：法证调查以及与执法部门和交易所的合作至关重要。社区支持：加密货币社区的参与可以提高追踪和恢复的机会。法律行动：法律行动可以帮助逮捕肇事者并追回资金。补偿计划：如果资金无法完全追回，WazirX 可能需要为受影响的投资者制定补偿计划。 Tornado Cash 的使用：如果被盗资产转移到 Tornado Cash，追回可能具有挑战性。 无内幕消息：WazirX 的创始人 Nischal Shetty 否认内部人员参与，表明复杂的外部攻击。