发布: 2024/07/23 22:07 阅读: 255
WazirX Hack Raises Concerns about Exchange Security and India's Crypto Future
WazirX 黑客事件引发人们对交易所安全和印度加密货币未来的担忧
The massive $235M hack on the Indian cryptocurrency exchange WazirX on July 18 has raised serious questions about exchange security and the future of India's crypto industry.
7 月 18 日,印度加密货币交易所 WazirX 遭受了价值 2.35 亿美元的大规模黑客攻击,引发了人们对交易所安全和印度加密行业未来的严重质疑。
The attack unfolded swiftly and precisely, with Web3 security firm Cyvers detecting "multiple suspicious transactions" involving WazirX's "Safe Multisig" wallet on Ethereum.
这次攻击迅速而准确地展开,Web3 安全公司 Cyvers 检测到涉及 WazirX 在以太坊上的“安全多重签名”钱包的“多笔可疑交易”。
The assailant siphoned a staggering $234.9 million to a new address, with each transaction funded by assets from cryptocurrency mixer Tornado Cash. The stolen funds included cryptocurrencies like Tether (USDT), Pepe (PEPE), and Gala (GALA), which were swiftly converted into Ether (ETH) to conceal their trail.
攻击者将惊人的 2.349 亿美元转移到新地址,每笔交易均由加密货币混合器 Tornado Cash 的资产资助。被盗资金包括 Tether (USDT)、Pepe (PEPE) 和 Gala (GALA) 等加密货币,这些货币很快被兑换成 Ether (ETH) 以掩盖其踪迹。
WazirX's wallet also contained approximately $100 million in Shiba Inu (SHIB), $52 million in ETH, $11 million in Polygon's MATIC, and smaller amounts of other tokens.
WazirX 的钱包还包含约 1 亿美元的 Shiba Inu (SHIB)、5200 万美元的 ETH、1100 万美元的 Polygon 的 MATIC 以及少量其他代币。
In response, WazirX suspended withdrawals of cryptocurrencies and Indian rupees. The exchange announced it was "actively investigating the incident."
作为回应,WazirX 暂停了加密货币和印度卢比的提现。该交易所宣布正在“积极调查这一事件”。
Impact on India's Crypto Sector
对印度加密货币行业的影响
The hack has significant implications for India's cryptocurrency sector, which has flourished despite government pressure.
此次黑客攻击对印度的加密货币行业产生了重大影响,该行业尽管面临政府压力,但仍蓬勃发展。
Utkarsh Tiwari, chief strategy officer for cryptocurrency exchange KoinBX, believes the security breach may cause concern among investors and exchanges. He predicts that Indian exchanges will invest in advanced security to demonstrate the resilience of the Indian digital asset market.
加密货币交易所KoinBX首席战略官Utkarsh Tiwari认为,此次安全漏洞可能会引起投资者和交易所的担忧。他预测印度交易所将投资于先进的安全性,以展示印度数字资产市场的弹性。
The crypto industry hopes for favorable changes in India's strict crypto tax regulations. Finance Minister Nirmala Sitharaman will present the Union Budget on July 23.
加密行业希望印度严格的加密税收法规能够发生有利的变化。财政部长 Nirmala Sitharaman 将于 7 月 23 日提交联邦预算。
How the Attackers Gained Access to WazirX
攻击者如何访问 WazirX
While the exploited vulnerability remains unknown, Meir Dolev of Cyvers outlined the attack vector. The attacker used two addresses: one to initiate the transaction and the other to receive the funds. They funded the initiating address via Tornado Cash to pay gas fees.
虽然所利用的漏洞仍然未知,但 Cyvers 的 Meir Dolev 概述了攻击向量。攻击者使用两个地址:一个用于发起交易,另一个用于接收资金。他们通过 Tornado Cash 为发起地址提供资金以支付汽油费。
Eight days before the attack, the hacker deployed a malicious contract that allowed them to change the implementation of the WazirX wallet. They used the signatures of WazirX and Liminal Custody to gain control, enabling transactions without further authorization.
攻击前八天,黑客部署了一份恶意合约,允许他们更改 WazirX 钱包的实现。他们使用 WazirX 和 Liminal Custody 的签名来获得控制权,无需进一步授权即可进行交易。
Dolev speculates that the attacker likely compromised WazirX endpoints or laptops to obtain the necessary signatures, possibly via a UI hijack on Liminal's side.
Dolev 推测攻击者可能会通过 Liminal 一侧的 UI 劫持来破坏 WazirX 端点或笔记本电脑以获得必要的签名。
Liminal Custody maintains that its platform remains secure.
Liminal Custody 坚称其平台仍然安全。
North Korean Involvement Suspected
怀疑朝鲜参与其中
Analysts suspect North Korean hackers may be responsible for the incident. Elliptic and ZachXBT have cited behavioral patterns characteristic of North Korean actors. Lazarus Group, a North Korean criminal organization, has been linked to major crypto exploits.
分析人士怀疑朝鲜黑客可能对这起事件负责。 Elliptic 和 ZachXBT 引用了朝鲜演员的行为模式特征。朝鲜犯罪组织 Lazarus Group 与重大加密货币漏洞有关。
Market Impact and WazirX's Response
市场影响和 WazirX 的应对
The hack caused significant market turbulence, with the price of SHIB dropping 10% after over $100 million worth of tokens were stolen.
这次黑客攻击造成了严重的市场动荡,价值超过 1 亿美元的代币被盗,SHIB 的价格下跌了 10%。
WazirX has taken swift action. It has filed a police complaint, contacted over 500 exchanges to block suspect addresses, and is cooperating with exchanges to aid recovery efforts.
WazirX 已迅速采取行动。它已向警方提出投诉,联系了 500 多家交易所以封锁可疑地址,并正在与交易所合作协助恢复工作。