Beosin: The reason for the attack on WazirX may be the leakage of the administrator's private key of the multi-signature wallet

Odaily News On July 18, 2024, according to Beosin Alert monitoring and warning, the Indian exchange WazirX was attacked. The attacker obtained the signature data of the exchange's multi-signature wallet administrator, modified the wallet's logic contract, and made the wallet execute the wrong logic to steal assets. Attacker address: 0x6eedf92fb92dd68a270c3205e96dccc527728066 Attacked address: 0x27fd43babfbe83a81d14665b1a6fb8030a60c9b4 Based on the attacker's attack behavior, it is speculated that the cause is the leakage of the administrator's private key of the multi-signature wallet. Beosin briefly analyzes the cause of the attack as follows: 1. The attacker deployed the attack contract: 0x27fd43babfbe83a81d14665b1a6fb8030a60c9b4. The function of this contract is to extract the token assets specified by this contract. 2. The attacker obtains the signature data of the administrator of the wazirx multi-signature wallet and modifies the logical contract of the wallet to the deployed attack contract. The corresponding transaction is: https://etherscan.io/tx/0x48164d3adbab78c2cb9876f6e17f88e321097fcd14cadd57556866e4ef3e185d 3. The attacker submits a token extraction transaction to the wazirx multi-signature wallet. Due to the mechanism of the proxy mode, the wallet contract will use delegatecall to call the relevant functions of the attack contract and transfer the wallet tokens. Beosin Trace is tracking the stolen funds.