Beosin: The administrator's private key of the wazirx multi-signature wallet was leaked, resulting in the theft of assets

Beosin Alert monitoring and warning system discovered that the Indian exchange WazirX was attacked. The attacker obtained the signature data of the exchange's multi-signature wallet administrator and modified the wallet's logical contract to execute incorrect logic in order to steal assets. Based on the attacker's behavior, it is speculated that the reason for the attack was the leakage of the administrator's private key for the multi-signature wallet. Beosin's analysis of the attack is as follows:1. The attacker deployed an attack contract that extracts the specified token assets of this contract.2. The attacker obtained the signature data of the WazirX multi-signature wallet administrator and modified the wallet's logical contract to the already deployed attack contract.3. The attacker submitted a token withdrawal transaction to the WazirX multi-signature wallet. Due to the mechanism of the proxy mode, the wallet contract will use delegatecall to call the relevant functions of the attack contract, transferring the wallet tokens.