Decoding WazirX Multisig Wallet’s $235M Exploit

2024-07-20, QuillAudits
https://www.quillaudits.com/blog/hack-analysis/wazirx-235m-hack
#WazirX

Contents

On 18th July 2024, WazirX, a prominent cryptocurrency exchange, experienced a catastrophic security breach resulting in a loss of over $235 million. The attack was meticulously planned and executed over 10 days, ultimately compromising their multisig wallet by upgrading it to a malicious implementation.
This detailed report provides an in-depth analysis of how the hack occurred, the specific vulnerability exploited, the current efforts by WazirX to resolve the situation, and how they could have prevented this from happening.
These were minted through the Gnosis Safe Proxy contract and sent to the attacker's wallet.
At the time of writing, the attacker’s primary wallet holds $148,899,745.12, with its major holding in 43.8k ETH. The rest of the altcoins have been sold for ETH.
Another major account holds $66,280,399.07 with 15.296k ETH.
The attackers deployed a phishing smart contract designed to mimic a legitimate Safe Implementation Skeleton. This contract, although seemingly innocuous, contained malicious code aimed at exploiting the multisig wallet. The …

IoC

000000000000000000000000ef279c2ab14960aa319008cbea384b9f8ac35fc6
ef279c2ab14960aa319008cbea384b9f8ac35fc6