The post Analyzing the WazirX Hack: What Went Wrong and Who’s to Blame? appeared first on Coinpedia Fintech News
WazirX, an Indian exchange, on July 18, 2024, lost more than $230 million of the client’s assets due to a hack. This unfortunate hack has led to more info coming to light after a pseudonymous blockchain analyst Boring Sleuth revealed flawed securities and deceptive actions by wazirx
Centralised ExchangeCrypto trading and Information
A recent investigation by Boring Sleuth mainly involved the contrast of the initial report on the incident by WazirX and actual on-chain data of the utilized multi-sig wallet address. Several alarming discrepancies emerged:
Misleading multi-sig security claims
WazirX claimed that for the transactions to be processed in their multi-sig wallet, three signatures from WazirX executives and the final signatory permission from Liminal were mandatory. In reality, it is necessary to get four signatures out of six approved addresses for the setup.
This was an obvious sign of either a lack of accurate information on their own security measures or a complete lack of understanding of what their security policy was.
Compromised multi-sig setup
By getting more into the case, it was discovered that four out of the five multi-sig addresses had a single set-up and funding. This implied that a single person might have had control of all the five addresses which was going in contrary to the multisig which was set aim at decentralizing controls in case one key was leaked to the wrong individuals.
Pertains to the Binance connection
Analyzing the historical on-chain data, Boring Sleuth identified that WazirX’s main exchange address was previously connected with Binance. This link created doubts regarding its legitimacy and also the affiliation of WazirX.
Ignored warnings
Addressing the issue on July 6th, which was 12 days before the exploit, Boring Sleuth pointed out that similar multi-sig setups were vulnerable in various Layer 2 solutions including WazirX. Nevertheless, no actions were carried out to alter this situation and the given warnings remained just that – warnings.
Deflecting blame
WazirX tried to pin down the blame on Liminal when, in fact, the latter only managed one of the six signatures in total, out of which an incompetent five belonged to WazirX. This deflection seemed rather unconvincing in light of the true control relations at the time, which only served to intensify the lack of trust in the exchange.
The investigation led by Boring Sleuth shows that there are numerous vulnerabilities in WazirX’s security and there is a high likelihood of dishonesty. It is now Wazirx’s responsibility to clear the doubts of their users and return funds safely.
Also Read: Ball Token Scandal: Lil Hippie NFT Connection Raises Red Flags, Community Outraged!