The cryptocurrency wallet of Indian exchange WazirX was compromised. Assets worth around $235 million were transferred to a new address, converted into different tokens, and transferred via Tornado Cash.
Cyvers, a team dedicated to securing the Web3 space, detected several suspicious transactions associated with the cryptocurrency wallet address of Indian crypto exchange WazirX. As a result of the abnormal activity, analysts concluded that the Safe wallet used by the exchange was compromised.
Cyvers reports $234.9 million in digital assets were withdrawn from the WazirX address. The bulk of the funds in the wallet were stored in USDT, PEPE, and GALA. The attacker transferred them into ETH via crypto mixer Tornado Cash. According to ZachXBT, an anonymous researcher and blockchain security specialist, the address where the WazirX funds were moved still has about $100 million in SHIB tokens, $52 million in ETH, and $11 million in MATIC. In addition, the attacker’s address holds $4.7 million in FLOKI, $3.2 million in FTM, $2.8 million in LINK, $2.3 million in FET, and other tokens.
In response to the incident, the WazirX team temporarily suspended withdrawals on the platform, saying that an investigation into the incident is underway and the results will be reported as the situation develops. No information regarding the security of WazirX users’ funds is reported yet.
A critical vulnerability was recently discovered on Kraken crypto exchange, which was used to withdraw more than $3 million in digital assets. However, white hat hackers from CertiK were behind the incident and the assets were returned.