Efe Nail Saltık 
The WazirX breach, one of the largest cyberattacks of the year, resulted in the loss of over $230 million from a multisig wallet. The incident underscores the vulnerabilities inherent in multisig wallets, even with stringent security measures in place.
Details of the WazirX Attack
The attack targeted a multisig wallet used by WazirX, which had employed Liminal’s digital asset custody and wallet infrastructure since February 2023. The wallet required six signatories—one from Liminal and five from WazirX—to approve transactions, enhancing security through multiple layers of approval.
Might interest you: Cryptocurrency Exchange WazirX Suffers $234 Million Hack
The breach occurred due to discrepancies between the data displayed on Liminal’s interface and the actual transaction contents. Hackers managed to exploit these discrepancies by replacing the payload, allowing them to gain control of the multisig wallet and steal the funds.
Despite using robust security measures, including the Gnosis Safe multisig smart contract platform and a whitelisting policy, the attack managed to bypass these defenses. The Liminal Custody team confirmed to Cointelegraph that their platform was not breached and that all WazirX wallets created on the Liminal platform remain secure. The malicious transactions were executed from outside Liminal’s infrastructure.
India’s Regulatory Landscape
Joanna Cheng, associate general counsel at Fireblocks, highlighted the regulatory challenges faced by the Indian crypto industry. She pointed out the absence of specific guidelines for security measures, risk management, and consumer protection in India.
Cheng noted, “There is no crypto-specific regulation in India so far […] Regulatory intervention in this space would also mean that exchanges that service large numbers of retail customers are held accountable for their actions (or inaction).”
In response to the regulatory gaps, Indian Prime Minister Narendra Modi called for a global crypto framework at the G20 Summit in August 2023. Modi emphasized the global impact of emerging technologies like blockchain and cryptocurrencies and advocated for a comprehensive global regulatory framework.
WazirX’s Response and Recovery Efforts
On July 18, WazirX addressed the community via a post on X, detailing the breach and assuring stakeholders that efforts are underway to recover the stolen assets. The exchange described the attack as a “force majeure event,” explaining that despite taking “all necessary steps to protect customer assets,” the theft still occurred.
Joanna Cheng discussed WazirX’s invocation of a force majeure clause, which typically excuses parties from fulfilling contractual obligations due to unforeseen events. However, she noted that if the event was foreseeable and could have been avoided or mitigated with reasonable measures, the clause might not be applicable.
WazirX is currently collaborating with cybersecurity teams to locate and recover the stolen funds and has promised to keep the community updated with further developments. The incident highlights the ongoing challenges in securing digital assets and the need for robust regulatory frameworks to address such vulnerabilities.
You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.