WazirX 被黑，損失 2.35 億美元，安全多重簽名錢包受損並耗盡

印度加密貨幣交易所 WazirX 在最近的攻擊中被駭客攻擊，損失超過 2.35 億美元。 「安全多重簽名錢包」遭到破壞並被耗盡。

Indian crypto exchange, WazirX, was recently hacked for more than $235 Million. The exploiter compromised and drained the “safe multi-sig wallet”. The exploiter swapped PEPE, GALA, USDT, ETH, SHIBA, FLOKI, MATIC and more.

印度加密貨幣交易所 WazirX 最近遭到駭客攻擊，損失超過 2.35 億美元。攻擊者入侵並耗盡了「安全多重簽章錢包」。攻擊者兌換了PEPE、GALA、USDT、ETH、SHIBA、FLOKI、MATIC等。

A recent X post by Web 3 security firm Cyvers Alerts spoke about the exploit. Their system detected over $234.9 of funds transferred from their safe wallets. Each transaction caller is funded by Tornado Cash.

Web 3 安全公司 Cyvers Alerts 最近發布的 X 貼文談到了該漏洞。他們的系統檢測到從他們的安全錢包轉移的資金超過 234.9 美元。每個交易呼叫者均由 Tornado Cash 提供資金。

The compromised funds were moved to an address and the hacker began actively converting the stolen funds to ETH. Over $100 Million of SHIB is currently in the hacker’s address which is yet to be converted.

被盜資金被轉移到一個地址，駭客開始積極地將被盜資金轉換為 ETH。目前，超過 1 億美元的 SHIB 存在於駭客的地址中，但尚未轉換。

WazirX’s official token WRX tumbled more than 15% due to this exploit. It is currently trading near $0.14 with a surge of 375% in its daily volume (press time).

由於漏洞，WazirX 的官方代幣 WRX 暴跌超過 15%。目前其交易價格接近 0.14 美元，每日交易量激增 375%（截至發稿時）。

Let’s have a look at how the hacker exploited the safe wallets of WazirX

讓我們來看看駭客是如何利用WazirX的安全錢包的

The exploit was decoded by ZachXBT and various other X creators. They have come up with an interesting theory explaining the exploit. Let’s have a quick summary of the exploit as per its timeline.

該漏洞由 ZachXBT 和其他各種 X 創建者解碼。他們提出了一個有趣的理論來解釋這個漏洞。讓我們根據時間軸快速總結一下該漏洞。

The theft address was doing test transactions on July 10th from Multisig with SHIB. It was funded with 0.1 ETH from Tornado cash. The attackers then upgraded the multi-sig to a malicious version which allowed them to drain the multisig.

被盜地址於 7 月 10 日使用 SHIB 從 Multisig 進行測試交易。它的資金來自 Tornado 現金 0.1 ETH。然後，攻擊者將多重簽章升級為惡意版本，使他們能夠耗盡多重簽章。

They likely did not have all the required private keys and they were dependent on multiple signature phishing. The attackers likely compromised 2 or 4 private keys as per X user Mudit Gupta.

他們可能沒有所有必需的私鑰，並且依賴多重簽名網路釣魚。根據 X 用戶 Mudit Gupta 的說法，攻擊者可能洩露了 2 或 4 個私鑰。

As per the transaction hash, the wallet attempted to do a USDT transfer minutes before the actual hack. The hackers then used two other compromised keys to successfully execute the exploit transaction.

根據交易哈希，錢包在實際駭客攻擊前幾分鐘嘗試進行 USDT 轉帳。然後，駭客使用另外兩個洩漏的密鑰成功執行了漏洞交易。

The primary theft address of the exploit was “0x04b21735E93Fa3f8df70e2Da89e6922616891a88”. As per ZachXBT, the address currently holds over $100 Million SHIB which is yet to be exchanged.

此漏洞的主要竊盜地址是「0x04b21735E93Fa3f8df70e2Da89e6922616891a88」。據 ZachXBT 稱，該地址目前持有超過 1 億美元的 SHIB 尚未兌換。

WazirX Suspends Withdrawals

WazirX暫停提幣

WazirX has acknowledged the attack and has paused the withdrawals for cryptocurrency and INR. In an X post, they said that they are actively investigating the incident.

WazirX 已承認此次攻擊，並已暫停加密貨幣和印度盧比的提款。他們在 X 貼文中表示正在積極調查這起事件。

After the incident, BTC/INR, ETH/INR, and USDT/INR along with others were traded at a heavy discount on the platform. The discounted rate reflected panic selling among the investors.

事件發生後，平台上BTC/INR、ETH/INR、USDT/INR等交易價格大幅折價。折扣率反映了投資者的恐慌性拋售。

WRX is trading near its one-year low at $0.144 after a loss of 17% in the intraday session. The hack caused a panic sale among WRX investors.

WRX 盤中下跌 17%，目前交易價格接近一年低點 0.144 美元。這次駭客攻擊引發了 WRX 投資者的恐慌性拋售。

The hackers have not been identified yet, while many analysts are hoping for a partial recovery of funds. The WazirX hack might push the other exchanges to ramp up wallet security and other infrastructure security aspects.

駭客的身份尚未確定，但許多分析師希望部分資金能夠收回。 WazirX 駭客攻擊可能會促使其他交易所提高錢包安全和其他基礎設施安全的水平。

This article is for informational purposes only and provides no financial, investment, or other advice. The author or any people mentioned in this article are not responsible for any financial loss that may occur from investing in or trading. Please do your research before making any financial decisions.

本文僅供參考，不提供任何財務、投資或其他建議。作者或本文所提及的任何人對投資或交易可能產生的任何財務損失不承擔任何責任。在做出任何財務決定之前，請先進行研究。