Beosin: The administrator's private key of the wazirx multi-signature wallet was leaked, resulting in the theft of assets
Beosin Alert monitoring and warning system discovered that the Indian exchange WazirX was attacked. The attacker obtained the signature data of the exchange's multi-signature wallet administrator and modified the wallet's logical contract to execute incorrect logic in order to steal assets. Based on the attacker's behavior, it is speculated that the reason for the attack was the leakage of the administrator's private key for the multi-signature wallet. Beosin's analysis of the attack is as follows:1. The attacker deployed an attack contract that extracts the specified token assets of this contract.2. The attacker obtained the signature data of the WazirX multi-signature wallet administrator and modified the wallet's logical contract to the already deployed attack contract.3. The attacker submitted a token withdrawal transaction to the WazirX multi-signature wallet. Due to the mechanism of the proxy mode, the wallet contract will use delegatecall to call the relevant functions of the attack contract, transferring the wallet tokens.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
New cryptocurrencies for pennies with huge profit potential
18 US Attorneys General Accuse SEC and Its Head of Abuse of Authority
Base Brings Science to the Blockchain
Base, a growing blockchain platform, believes that onchain science could change the game for research and make it more open for everyone
Michael Saylor Predicts Bitcoin Reaching $100K Amid Institutional Backing and Pro-Crypto Policies
Trending news
MoreCrypto prices
More
