What Are ‘Digital Signatures’ That Were Accessed by WazirX Hackers?

The WazirX hacker, who stole over $230 million (roughly Rs. 1,900 crore) from a multi-signature wallet, managed to access the digital signatures required to process the transaction to facilitate the hack attack. But what are these digital signatures? Unlike the text scribble we generally identify a signature to be, digital signatures are virtual signing algorithms. Like human signatures, these digital signatures prove the authenticity of any command linked to a crypto transaction.

How do Digital Signatures Work?

A mathematical tool for authentication, digital signatures carry multiple details related to any transaction. These details include proof of origin, time of initiation, and the status of any digital document.

Based on asymmetric cryptography, a digital signature is created to verify information or a command. A pair of private and public keys need to be created to make for a digital signature. While the private key is used to create the signature, the public key is utilised to verify the signature.

Overall, digital signatures are dependent on the Public Key Infrastructure (PKI). In order to generate mathematically linked private key and public key, public key algorithms such as Rivest-Shamir-Adleman can be used. Like all human signatures are unique, these software also generate unique digital signatures different from all others generated so far.

Back in March this year, WazirX had published a blog detailing how crucial these digital signatures are in the blockchain sector. As per the Indian exchange, digital signatures enhance the security and authentication of transactions. The exchange also said digital signing provides precise timestamping, eliminates the need for a centralised authority, and makes the verification process more time efficient.

“If the signature is completely valid, it confirms that the user initiating the transaction is the rightful owner of the data,” the blog said. “The widespread adoption of blockchain, alongside the ongoing use of digital signatures, is shaping a future where decentralisation, security, and transparency redefine online transaction dynamics.”

Shortcomings of Implementing Digital Signatures

Deploying digital signatures on smart contracts or for transaction verifications could make for an expensive process given that both the senders and receivers linked to the transaction will have to purchase digital certificates and verification software.

While digital signatures can be seen as a more secure option to implement 2-FA for crypto transactions, they are clearly not a foolproof security measure in the crypto arena.

In WazirX’s case, the hacker exploited a multi-sig wallet of WazirX kept under Liminal Custody’s oversight. The hacker, highly suspected to be from North Korea’s notorious Lazarus Group, managed to get the access to the signatures needed by both the parties to approve the transaction and facilitated the attack.