Multi-Signature Wallet Vulnerability Exploited in WazirX Crypto Heist
Indian police have arrested a resident of Bengal suspected of orchestrating a hacking attack on the cryptocurrency exchange WazirX. The breach resulted in the theft of $235 million worth of cryptocurrency assets from the exchange’s multi-signature wallets.
According to an indictment shared by Cointelegraph, the breach was not linked to vulnerabilities within WazirX’s internal systems. The hackers accessed the exchange by exploiting a fraudulent account, which had been sold via Telegram and subsequently used by a third party.
Throughout the investigation, WazirX cooperated extensively with authorities, providing all necessary resources, including hardware, customer data, and transaction logs. The Indian Cyber Crime Unit (IFSO) confirmed that the exchange’s systems remained uncompromised, attesting to its robust security infrastructure.
Investigators revealed that the hackers gained access to the cryptocurrency wallets through deception, siphoning significant funds. The detained individual was allegedly part of a group that utilized fake accounts to infiltrate the platform. He confessed to receiving a substantial reward for selling a WazirX account through Telegram.
However, the investigation encountered delays due to the slow response from third-party companies managing the exchange’s digital assets, which hindered the timely provision of critical data.
Meanwhile, WazirX entered a dispute with its digital asset custody partner, Liminal Custody. On October 22, Liminal issued a statement accusing WazirX of spreading misinformation. According to Liminal, WazirX had blamed the company for the breach, despite continuing to store assets on the platform for 75 days after the attack.
WazirX responded by announcing that it had initiated the transfer of remaining assets to new, highly secure wallets. Independent audits confirmed that the exchange’s systems had remained intact, despite the challenges faced during the investigation.
Following the theft of nearly half of its reserves in what has been described as the largest cryptocurrency heist in India’s history, WazirX suspended all trading operations. The company later unveiled a week-long recovery plan, proposing a “fair and transparent social distribution strategy” to equitably share losses among its users. The decision sparked widespread outrage within the local cryptocurrency community.
The cyberattack on WazirX involved the theft of over 200 different cryptocurrencies. The assault targeted one of the company’s multi-signature wallets, which requires multiple keyholders to authorize transactions. The compromised wallet had six signatories: five from WazirX and one from Liminal. Most transactions on the platform required the approval of three WazirX signatories and one from Liminal. The attackers exploited a discrepancy between what Liminal’s interface displayed and the transaction data that was actually signed, successfully bypassing the security system.
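The approval scheme described above, as an added example (not code from WazirX, Liminal or the article): a signer-side check that compares what the interface displays with the data actually being signed, plus the three-plus-one approval rule counted only over that exact data. The signer IDs, field names, JSON payload format and addresses are assumptions constructed for illustration, and signatures are modelled as (signer, digest) pairs rather than real cryptography.

```python
import hashlib
import json

# Hypothetical signer IDs modelling the 5 + 1 signer set described above.
EXCHANGE = {"wx1", "wx2", "wx3", "wx4", "wx5"}
CUSTODIAN = {"liminal"}

def digest(payload: dict) -> str:
    """Hash of the canonical form of the exact data a signer would sign."""
    blob = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()

def mismatches(displayed: dict, payload: dict) -> list:
    """Fields where the interface summary differs from the real payload."""
    keys = sorted(set(displayed) | set(payload))
    return [k for k in keys if displayed.get(k) != payload.get(k)]

def approve(signer: str, displayed: dict, payload: dict) -> tuple:
    """Signer-side check run on the signer's own device before signing.
    The approval is bound to the payload digest, not to the display."""
    diff = mismatches(displayed, payload)
    if diff:
        raise ValueError(f"{signer}: display/payload mismatch in {diff}")
    return (signer, digest(payload))  # stands in for a real signature

def quorum_met(approvals: list, payload: dict) -> bool:
    """3 exchange signers + 1 custodian, all over this exact payload."""
    d = digest(payload)
    valid = {s for s, h in approvals if h == d}
    return len(valid & EXCHANGE) >= 3 and len(valid & CUSTODIAN) >= 1

# Constructed sample data: what the interface shows vs. what is to be signed.
SHOWN = {"action": "transfer", "asset": "USDT", "amount": "100",
         "to": "0xCONSTRUCTED_DEST"}
HONEST = dict(SHOWN)
ALTERED = dict(SHOWN, amount="100000", to="0xCONSTRUCTED_OTHER")

def demo() -> dict:
    ok = [approve(s, SHOWN, HONEST) for s in ("wx1", "wx2", "wx3", "liminal")]
    try:
        approve("wx4", SHOWN, ALTERED)
        blocked = False
    except ValueError:
        blocked = True
    return {"honest_quorum": quorum_met(ok, HONEST),
            "altered_blocked": blocked,
            "reuse_on_altered": quorum_met(ok, ALTERED)}

if __name__ == "__main__":
    print(demo())
```

The check only helps if each signer decodes the payload independently of the interface that prepared it; a display and a decoder served by the same compromised component would agree with each other.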