We can’t afford to repeat the mistakes exposed by the WazirX hack
blockworks.co 29 August 2024 13:40, UTC
Not many are willing to admit that Web3 is overly reliant on hybrid security systems that are more susceptible to sophisticated attacks. The recent breach at WazirX serves as a stark reminder of these vulnerabilities. Attackers exploited weaknesses in the transaction verification processes, revealing significant flaws in how these systems handle security.
Now, it is up to us to reimagine and reinforce our security infrastructures with robust transaction authenticity validation and multi-party computation (MPC) algorithms at the forefront. Otherwise, we risk ongoing exposure to attacks that could one day erode trust in digital assets.
On July 18, 2024, Indian crypto exchange WazirX experienced a significant security breach resulting in the theft of $230 million worth of assets. Attributed to North Korean hackers by blockchain investigation firm Elliptic and independent security researchers, this advanced attack alarmed the cryptocurrency community by revealing serious vulnerabilities in multi-signature wallets (even in advanced security systems). But such incidents can be great learning moments to help organizations fortify their defenses against similar threats.
Understanding the attack
The compromised wallet was a Gnosis Safe wallet imported into Liminal’s wallet management system, configured for a 4/6 signature threshold. Standard transaction signing required approval from three WazirX signatories using Ledger hardware wallets, followed by final approval from Liminal’s signatory. However, attackers likely compromised the three WazirX signer machines. If Liminal had been compromised, we would have witnessed more attacks, but this was the only Liminal-related incident. By exploiting a gap between the blind-signing on Ledger hardware devices and the Liminal web app, the threat actor managed to manipulate transaction payload before being signed. This essentially created a discrepancy between the data shown on the web interface and what was actually signed by the hardware devices.
The attackers’ strategy involved switching the payload to a malicious one each time a transaction was attempted. Despite the Liminal system rejecting the malformed malicious transactions, the attackers managed to collect the three valid signatures from the co-signers. With these signatures, they obtained the fourth from Liminal’s co-signer, making the transaction valid and allowing them to alter the implementation contract of the Safe wallet to a malicious one. The result saw them gaining full control and transferring the funds to their own wallet.
Working together to eliminate the threat
The WazirX attack highlighted several critical vulnerabilities. The hybrid setup between WazirX, Liminal, Ledger and Safe lacked robust transaction authenticity validation, exposing it to a man-in-the-middle attack. The reliance on blind-signing worsened this weakness.
Implementing proper end-to-end trust verification could have mitigated this attack. While relying on a multi-device setup is always preferred, transaction decoding has to show on the signing device and be accessible to the signer — in order to mitigate blind-signing.
Furthermore, a MPC algorithm could have mitigated this risk. True MPC ensures that even if attackers gain control over all customer signing devices, transactions cannot proceed without all co-signers’ approval, thus rendering the “sequential signature collection” attack impossible. This structural safeguard offers a defense against on-the-fly transaction manipulation.
Additionally, real-time risk assessments and anomaly detection systems can flag unusual transaction patterns, enabling swift intervention before transactions are executed. These proactive strategies are essential for identifying and addressing threats preemptively.
This event also teaches us the importance of collaboration and information sharing within the industry. Crypto exchanges and custodians must work together to share insights and threat intelligence to strengthen their defenses. Establishing industry-wide protocols and best practices can create a united front against attacks.
Read more from our opinion section: DeFi is the future (and a hack can’t convince me otherwise)
It is everyone’s job to stay informed about emerging threats and share experiences to help develop better defense mechanisms. Regulatory bodies also have a role in ensuring that exchanges follow strict security standards and practices.
Building a resilient future
The WazirX hack is an industry-wide call for stronger wallet setups and comprehensive security protocols. Regular security audits and penetration testing can uncover vulnerabilities, while continuous monitoring and updated security measures ensure defenses remain strong against new threats.
This incident highlights the need for ongoing improvement within security protocols. By learning from breaches like the WazirX hack to implement more resilient systems, exchanges and custodians can better protect their assets and maintain user trust.
As an industry, we should use the hack as a reminder of the ever-present threats in the crypto space. It is possible to build a more secure future for digital assets, but the path forward requires a firm commitment to security — ensuring that such incidents become rare exceptions rather than common occurrences. Lessons learned should ideally propel the industry toward a stronger and safer future, protecting digital assets for years to come.