Beosin: The leakage of the administrator's private key of the multi-signature wallet on the Indian exchange WazirX has led to asset theft

ChainCatcher news, according to Beosin Alert monitoring, it was discovered that the Indian exchange WazirX was attacked. The attacker obtained the signature data of the multi-signature wallet administrator of the exchange, modified the logic contract of the wallet, and executed incorrect logic to steal assets.

Attacker address: 0x6eedf92fb92dd68a270c3205e96dccc527728066
Attacked address: 0x27fd43babfbe83a81d14665b1a6fb8030a60c9b4

Based on the attacker's behavior, it is speculated that the reason is the leakage of the multi-signature wallet administrator's private key. Beosin summarizes the cause of the attack as follows:

1. The attacker deployed the attack contract: 0x27fd43babfbe83a81d14665b1a6fb8030a60c9b4. The function of this contract is to extract the token assets specified by this contract.
2. The attacker obtained the signature data of the WazirX multi-signature wallet administrator and modified the wallet's logic contract to the already deployed attack contract. The corresponding transaction is:
   https://etherscan.io/tx/0x48164d3adbab78c2cb9876f6e17f88e321097fcd14cadd57556866e4ef3e185d
3. The attacker submitted a token withdrawal transaction to the WazirX multi-signature wallet. Due to the proxy model mechanism, the wallet contract will use delegatecall to invoke the relevant functions of the attack contract, transferring the wallet's tokens.

The flowchart of the stolen funds shows that, so far, the hacker has transferred part of the funds to Changenow and Binance exchanges.