WazirX 被黑，损失 2.35 亿美元，安全多重签名钱包受损并耗尽

印度加密货币交易所 WazirX 在最近的一次攻击中被黑客攻击，损失超过 2.35 亿美元。 “安全多重签名钱包”遭到破坏并被耗尽。

Indian crypto exchange, WazirX, was recently hacked for more than $235 Million. The exploiter compromised and drained the “safe multi-sig wallet”. The exploiter swapped PEPE, GALA, USDT, ETH, SHIBA, FLOKI, MATIC and more.

印度加密货币交易所 WazirX 最近遭到黑客攻击，损失超过 2.35 亿美元。攻击者入侵并耗尽了“安全多重签名钱包”。攻击者兑换了PEPE、GALA、USDT、ETH、SHIBA、FLOKI、MATIC等。

A recent X post by Web 3 security firm Cyvers Alerts spoke about the exploit. Their system detected over $234.9 of funds transferred from their safe wallets. Each transaction caller is funded by Tornado Cash.

Web 3 安全公司 Cyvers Alerts 最近发布的 X 帖子谈到了该漏洞。他们的系统检测到从他们的安全钱包转移的资金超过 234.9 美元。每个交易调用者均由 Tornado Cash 提供资金。

The compromised funds were moved to an address and the hacker began actively converting the stolen funds to ETH. Over $100 Million of SHIB is currently in the hacker’s address which is yet to be converted.

被盗资金被转移到一个地址，黑客开始积极地将被盗资金转换为 ETH。目前，超过 1 亿美元的 SHIB 存在于黑客的地址中，但尚未转换。

WazirX’s official token WRX tumbled more than 15% due to this exploit. It is currently trading near $0.14 with a surge of 375% in its daily volume (press time).

由于该漏洞，WazirX 的官方代币 WRX 暴跌超过 15%。目前其交易价格接近 0.14 美元，日交易量激增 375%（截至发稿时）。

Let’s have a look at how the hacker exploited the safe wallets of WazirX

我们来看看黑客是如何利用WazirX的安全钱包的

The exploit was decoded by ZachXBT and various other X creators. They have come up with an interesting theory explaining the exploit. Let’s have a quick summary of the exploit as per its timeline.

该漏洞由 ZachXBT 和其他各种 X 创建者解码。他们提出了一个有趣的理论来解释这一漏洞。让我们根据时间线快速总结一下该漏洞利用的情况。

The theft address was doing test transactions on July 10th from Multisig with SHIB. It was funded with 0.1 ETH from Tornado cash. The attackers then upgraded the multi-sig to a malicious version which allowed them to drain the multisig.

被盗地址于 7 月 10 日使用 SHIB 从 Multisig 进行测试交易。它的资金来自 Tornado 现金 0.1 ETH。然后，攻击者将多重签名升级为恶意版本，从而使他们能够耗尽多重签名。

They likely did not have all the required private keys and they were dependent on multiple signature phishing. The attackers likely compromised 2 or 4 private keys as per X user Mudit Gupta.

他们可能没有所有必需的私钥，并且依赖于多重签名网络钓鱼。根据 X 用户 Mudit Gupta 的说法，攻击者可能泄露了 2 或 4 个私钥。

As per the transaction hash, the wallet attempted to do a USDT transfer minutes before the actual hack. The hackers then used two other compromised keys to successfully execute the exploit transaction.

根据交易哈希，钱包在实际黑客攻击前几分钟尝试进行 USDT 转账。然后，黑客使用另外两个泄露的密钥成功执行了漏洞交易。

The primary theft address of the exploit was “0x04b21735E93Fa3f8df70e2Da89e6922616891a88”. As per ZachXBT, the address currently holds over $100 Million SHIB which is yet to be exchanged.

该漏洞的主要盗窃地址是“0x04b21735E93Fa3f8df70e2Da89e6922616891a88”。据 ZachXBT 称，该地址目前持有超过 1 亿美元的 SHIB 尚未兑换。

WazirX Suspends Withdrawals

WazirX暂停提币

WazirX has acknowledged the attack and has paused the withdrawals for cryptocurrency and INR. In an X post, they said that they are actively investigating the incident.

WazirX 已承认此次攻击，并已暂停加密货币和印度卢比的提款。他们在 X 帖子中表示正在积极调查这一事件。

After the incident, BTC/INR, ETH/INR, and USDT/INR along with others were traded at a heavy discount on the platform. The discounted rate reflected panic selling among the investors.

事件发生后，平台上BTC/INR、ETH/INR、USDT/INR等交易价格大幅折价。折扣率反映了投资者的恐慌性抛售。

WRX is trading near its one-year low at $0.144 after a loss of 17% in the intraday session. The hack caused a panic sale among WRX investors.

WRX 盘中下跌 17%，目前交易价格接近一年低点 0.144 美元。此次黑客攻击引发了 WRX 投资者的恐慌性抛售。

The hackers have not been identified yet, while many analysts are hoping for a partial recovery of funds. The WazirX hack might push the other exchanges to ramp up wallet security and other infrastructure security aspects.

黑客的身份尚未确定，但许多分析师希望部分资金能够收回。 WazirX 黑客攻击可能会促使其他交易所提高钱包安全和其他基础设施安全方面的水平。

This article is for informational purposes only and provides no financial, investment, or other advice. The author or any people mentioned in this article are not responsible for any financial loss that may occur from investing in or trading. Please do your research before making any financial decisions.

本文仅供参考，不提供任何财务、投资或其他建议。作者或本文提到的任何人对投资或交易可能产生的任何财务损失不承担任何责任。在做出任何财务决定之前，请先进行研究。