Leading to over USD 230 million in withdrawals, Indian cryptocurrency exchange WazirX experienced a significant security breach on Thursday. Due to this breach, it affected one of its multisig wallets which caused a substantial loss of user funds.
WazirX stated on this post on X saying, "We're aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused. Thank you for your patience and understanding. We'll keep you posted with further updates."
Furthermore, the exchange has confirmed the incident and are investigating the outflows. Also, all the withdrawals have been temporarily suspended. The exchange further added: "We have identified two more exploited smart contracts. Our team is still investigating the incident. For the time being, we have opened up a secluded website to revoke all approvals. Your funds are at risk until you revoke." Liminal Custody has also come out with the statement clarifying that the multisig smart contract wallets which were created outside of the Liminal ecosystem have beem impacted.
Liminal Custody statement read, "Our preliminary investigations show that one of the self-custody multi-sig smart contract wallets created outside of the Liminal ecosystem has been compromised. We can confirm that Liminal’s platform is not breached and Liminal’s infrastructure, wallets and assets continue to remain safe."
The statement further highlighted, "It is also pertinent to note that all WazirX wallets created on the Liminal platform continue to remain secure and protected. Meanwhile, all the malicious transactions to the attacker’s addresses have occurred from outside of the Liminal platform. Adhering to our rigorous security protocols, the Liminal team is also readily assisting the WazirX team as they carry out their investigation."
So What is Multisig Wallets?
When we speak of transactions, Multisig wallets require two or more private keys to authenticate and confirm; an added layer of security which is designed to protect user funds. However, it seems to have been compromised in this instance.