What are ‘digital signatures’ that WazirX hackers have gained access to?
The WazirX hacker, who stole over $230 million (approximately Rs. 1,900 crore) from a multi-signature wallet, managed to gain access to the digital signatures required to process the transaction to facilitate the hacking attack. But what are these digital signatures? Unlike the text scribble that we usually think of as a signature, digital signatures are virtual signing algorithms. Like human signatures, these digital signatures prove the authenticity of every command associated with a crypto transaction.
How do digital signatures work?
A mathematical tool for authentication, digital signatures contain multiple details related to each transaction. These details include proof of origin, time of initiation, and the status of each digital document.
Based on asymmetric cryptography, a digital signature is created to verify information or a command. A pair of private and public keys need to be created to create a digital signature. While the private key is used to create the signature, the public key is used to verify the signature.
In general, digital signatures rely on the Public Key Infrastructure (PKI). To generate mathematically linked private key and public key, public key algorithms such as Rivest-Shamir-Adleman can be used. Just as all human signatures are unique, this software also generates unique digital signatures that are different from all others generated so far.
In March of this year, WazirX published a blog which describes how crucial these digital signatures are in the blockchain sector. According to the Indian exchange, digital signatures improve the security and authentication of transactions. The exchange also said that digital signing provides accurate time stamping, eliminates the need for a centralized authority and makes the verification process more time-efficient.
“If the signature is fully valid, it confirms that the user initiating the transaction is the rightful owner of the data,” the blog said. “The widespread adoption of blockchain, alongside the continued use of digital signatures, is shaping a future where decentralization, security, and transparency will redefine the dynamics of online transactions.”
Shortcomings in the implementation of digital signatures
Implementing digital signatures in smart contracts or for transaction verifications can be an expensive process as both the senders and receivers involved in the transaction need to purchase digital certificates and verification software.
While digital signatures can be seen as a more secure option to implement 2-FA for crypto transactions, they are clearly not a watertight security measure in the crypto world.
In the case of WazirX, the hacker used a multi-sig wallet owned by WazirX that was controlled by Liminal Custody. The hacker, who is strongly suspected of being from North Korea’s notorious Lazarus Group, was able to gain access to the signatures needed by both parties to approve the transaction and facilitated the attack.
