Beosin: The private key of the administrator of the wazirx multi-signature wallet was leaked, resulting in the theft of assets
According to the Beosin Alert monitoring warning, the Indian exchange Wazirx was attacked. The attacker obtained the signature data of the multi-signature wallet administrator of the exchange, modified the logical contract of the wallet, and let the wallet execute the wrong logic to steal assets.
Based on the attacker's attack behavior, it is speculated that the reason is the leakage of the administrator's private key of the multi-signature wallet. Beosin briefly analyzes the reasons for the attack as follows:
1. The attacker deploys an attack contract, the function of which is to extract the token assets specified in this contract
2. The attacker obtains the signature data of the wazirx multi-signature wallet administrator and modifies the logical contract of the wallet to the deployed attack contract.
3. The attacker submits the withdrawal token transaction to the wazirx multi-signature wallet. Due to the mechanism of the proxy model, the wallet contract will use delegatecall to call the relevant functions of the attack contract to transfer the wallet tokens.