Cryptocurrency exchange WazirX has temporarily halted withdrawals following a potential security breach involving its Safe Multisig wallet.
Cybersecurity firm Cyverse raised the alarm on X, stating that $234.9 million worth of assets were transferred to an unknown address, with the transactions allegedly initiated via Tornado Cash, a service used for anonymising crypto transactions.
“We’re aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused. Thank you for your patience and understanding. We’ll keep you posted with further updates,” WazirX said in a statement.
A multisig wallet, short for “multi-signature wallet,” requires multiple private keys to authorise a transaction, enhancing security compared to single-signature wallets.
“The suspicious address has already swapped $PEPE, $GALA, and $USDT to $ETH and continues to swap other digital assets,” Cyverse posted on X.
“We attempted to contact you 30 minutes ago, but received no response. It appears that your Safe wallet has been compromised by a malicious actor!” the post added.
However, it is not yet clear whether the stolen funds were from users’ wallets or WazirX’s own reserves.