Indian cryptocurrency exchange WazirX has reported a security breach involving its Safe Multisig wallet on the Ethereum blockchain.
According to cybersecurity firm Cyvers, the breach led to approximately USD 234.9 million worth of funds being transferred from the exchange’s Safe Multisig wallet to a new address. The firm detected multiple suspicious transactions linked to WazirX’s Ethereum wallet.
The transactions, as reported by Cyvers, were executed using Tornado Cash, a decentralised protocol known for facilitating private transactions on the Ethereum network. This anonymity feature has made it challenging to trace the exact movement and destination of the funds.
Cyvers further mentioned that the suspicious address involved in the transactions has been actively converting various tokens, including $PEPE (Pepe), $GALA (Gala), and $USDT (Tether), into $ETH (Ether), alongside continuing to swap other digital assets.
Upon discovering the breach, WazirX said it took immediate action by pausing withdrawals in both Indian Rupees (INR) and cryptocurrencies. This precautionary measure was to safeguard the remaining assets of its users while the exchange’s security team conducts a thorough investigation into the incident.
The exchange has assured its users that their team is actively working to assess the extent of the breach and mitigate any further risks to user funds.