Cobo Security Team: Analysis of the WazirX Theft Incident

CoboGlobal
2024-08-01 18:58:40
The Cobo security team conducted a detailed analysis of the recent attack on the Indian cryptocurrency exchange WazirX.

1 Event Overview

On July 18, 2024, a multi-signature wallet of the Indian cryptocurrency exchange WazirX was hacked, resulting in the theft of over $230 million. The multi-signature wallet was a Safe{Wallet} smart contract wallet. The attackers induced the multi-signature signers to sign a contract upgrade transaction, allowing them to directly transfer the assets from the wallet through the upgraded contract, ultimately withdrawing approximately $230 million in assets.

2 Attack Process Analysis

Note: The following analysis is based on post-incident reports from WazirX and Liminal, on-chain data, and publicly available information on the internet. There may be incomplete information or errors, which could lead to deviations in the analysis conclusions. The analysis results are for reference only, and specific conclusions should be based on the subsequent investigation results of the involved parties.

Original links:

  • WazirX Blog : https://wazirx.com/blog/wazirx-cyber-attack-key-insights-and-learnings/

  • Liminal Custody Blog : https://www.liminalcustody.com/blog/update-on-wazirx-incident/

2.1 Multi-Signature Wallet Configuration and Attack Process

According to the information disclosed by both parties, WazirX uses Safe (formerly known as Gnosis Safe) for fund management and collaborates with Liminal for custody. The Safe wallet uses a 4-of-6 signature scheme, in which 5 private keys are managed by WazirX members on hardware wallets and 1 private key is managed by Liminal in an HSM.

Under normal circumstances, WazirX initiates transfers via the Liminal platform's web interface, with destination addresses restricted by a whitelist maintained by the Liminal platform. After 3 of the 5 WazirX signers confirm that the transaction is correct, they sign it with their hardware wallets. Once Liminal has collected 3 signatures, it adds the final signature using its HSM and puts the transaction on-chain. The on-chain attack transaction did contain 3 valid signatures, with the 4th signature coming from the transaction initiator (i.e., Liminal), which is consistent with the disclosed wallet management structure.

Combining reports from both Liminal and WazirX, the process for initiating this malicious multi-signature transaction is as follows:

  1. The attacker used some unknown means (including but not limited to 0-day network attacks, social engineering attacks, etc.) to induce WazirX to sign the transaction.

  2. Three WazirX members logged into the Liminal platform via bookmarks, passed Google verification and MFA verification, and saw that the pending transaction to be signed was for 2 GALA transfers and 1 USDT transfer, which they signed using hardware wallets. However, the actual content signed by the victims was not a token transfer transaction but a multi-signature wallet contract upgrade transaction. Since the actual transaction content did not match the claimed transfer transactions, the Liminal platform rejected the 3 transactions.

  3. At this point, the attacker collected the signatures from the 3 members for the contract upgrade transaction and submitted the malicious contract upgrade transaction again to the Liminal platform, accompanied by the 3 correct signatures.

  4. After Liminal verified the signatures were correct, it initiated the transaction as the 4th signer. Once the transaction was on-chain, the wallet contract was upgraded, and control was transferred to the attacker.

According to WazirX's description, the signers used hardware wallets to safeguard their private keys. The attacker also collected the signatures of the 3 signers by forging transfer transactions. Therefore, it is inferred that the 3 WazirX administrators did not experience a private key leak. Similarly, Liminal also did not experience a private key leak; otherwise, the attacker would not have needed to initiate the final transaction through the Liminal platform.

On the other hand, according to WazirX's description, the signers accessed the correct Liminal platform via bookmarks and completed Google and MFA verification. The Liminal platform also recorded logs of the three suspicious transactions, which rules out the possibility that WazirX logged into a phishing page of a fake Liminal platform and had their signatures collected. Additionally, based on preliminary evidence collection results disclosed by WazirX, it is believed that the devices of the 3 signers from WazirX were not compromised.

In summary, one possible attack method is that the attacker hijacked the browser front-end page of WazirX victims through a man-in-the-middle attack, XSS attack, or other zero-day attacks, forging legitimate transaction content displayed to the WazirX victims. After collecting the signatures of the 3 WazirX victims, the attacker submitted the final contract upgrade attack transaction to the Liminal platform using the existing session, which successfully went on-chain after passing Liminal's risk control.

2.2 Issues Exposed by the Attack Incident

Based on the aforementioned analysis, both WazirX and Liminal exposed certain issues during the incident.

Liminal Platform's Risk Control is Not Strict:

  • From the final on-chain attack transaction, it can be seen that the Liminal platform signed and put the contract upgrade transaction on-chain. The platform's whitelist transfer risk control strategy did not function as intended.

  • The logs disclosed by the Liminal platform indicate that the platform had already detected and rejected three suspicious transactions but did not promptly alert users or freeze the wallet transfer transactions.

WazirX Did Not Carefully Verify Hardware Wallet Signature Content:

  • The hardware wallet displays the actual transaction content awaiting signature. When signing the multi-signature transaction, the WazirX signers trusted the transaction shown on the Liminal page and did not carefully verify that the content awaiting signature on the hardware wallet matched it. They signed directly, providing the signatures needed for the attacker's contract upgrade transaction.
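
Both issues above come down to one check: the payload actually being signed must be a whitelisted token transfer and must match what the page displayed. The sketch below is an added example, not code from Cobo, Liminal or WazirX. It assumes the Safe transaction fields to, value, data and operation (0 = call, 1 = delegatecall) and ERC-20 transfer calldata; the function names and sample addresses are hypothetical.

```python
ERC20_TRANSFER = bytes.fromhex("a9059cbb")  # selector of transfer(address,uint256)
CALL, DELEGATECALL = 0, 1                   # Safe transaction `operation` values

def transfer_calldata(to, amount):
    """ABI-encode transfer(to, amount); used here to build the sample payloads."""
    return ERC20_TRANSFER + bytes(12) + bytes.fromhex(to[2:]) + amount.to_bytes(32, "big")

def decode_transfer(data):
    """Return (recipient, amount) only if data is exactly one ERC-20 transfer."""
    if len(data) != 68 or data[:4] != ERC20_TRANSFER or any(data[4:16]):
        return None
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:], "big")

def policy_violations(tx, claimed, tokens, recipients):
    """tx: fields of the Safe transaction to be signed; claimed: what the UI showed.
    Addresses are assumed to be lower-case hex strings."""
    problems = []
    if tx["operation"] != CALL:
        problems.append("operation is not a plain call")
    if tx["value"] != 0:
        problems.append("native value attached")
    if tx["to"] not in tokens:
        problems.append("target is not a known token contract")
    decoded = decode_transfer(tx["data"])
    if decoded is None:
        return problems + ["calldata is not transfer(address,uint256)"]
    recipient, amount = decoded
    if recipient not in recipients:
        problems.append("recipient not on whitelist")
    if (tx["to"], recipient, amount) != (claimed["token"], claimed["to"], claimed["amount"]):
        problems.append("payload differs from displayed transfer")
    return problems

# Constructed sample data: placeholder addresses, not taken from the incident.
TOKEN, DEST, OTHER = ("0x" + b * 20 for b in ("11", "22", "33"))
TOKENS, RECIPIENTS = {TOKEN}, {DEST}
CLAIMED = {"token": TOKEN, "to": DEST, "amount": 1000}
GOOD_TX = {"to": TOKEN, "value": 0, "operation": CALL,
           "data": transfer_calldata(DEST, 1000)}
# Same displayed transfer, but the payload is a delegatecall to an unknown contract.
MISMATCHED_TX = {"to": OTHER, "value": 0, "operation": DELEGATECALL,
                 "data": bytes.fromhex("deadbeef") + bytes(32)}

if __name__ == "__main__":
    for name, tx in (("good", GOOD_TX), ("mismatched", MISMATCHED_TX)):
        print(name, policy_violations(tx, CLAIMED, TOKENS, RECIPIENTS) or "approve")
```

A co-signer applying such a policy signs only when the list is empty; any non-empty result is also a signal to alert the other signers rather than silently reject.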