In the wake of a devastating cyberattack on July 18, 2024, which resulted in the theft of over $230 million in digital assets, crypto exchange WazirX, has launched a 3-month bounty program, with rewards up to $23 million.
The bounty program is divided into two main initiatives: the “Track & Freeze Bounty” and the “White Hat Recovery Bounty”.
The first reward offers up to $10,000 in USDT for any information leading to the freezing of the stolen funds. Participants must either freeze the funds themselves or provide enough proof to WazirX to facilitate the process. Rewards will not be given for non-actionable information or if the freezing attempt is unsuccessful.
The second reward incentivizes the return of stolen funds with a 10% reward of the recovered amount, up to a maximum of $23 million. Initially, this was capped at 5%, but WazirX CEO Nischal Shetty revealed that it was increased on the recommendation of ZackXBT.
This bounty extends to anyone who assists in returning the funds to a specified ERC20 wallet address 0xf38…2611bf.
WazirX stated that this reward will be given only after successfully receiving the stolen amount, either in USDT or recovered funds, at their discretion.
Bounty Program Terms and Conditions
The program will run for three months from the announcement date, though WazirX reserves the right to extend or reduce this period based on the program’s requirements and results. Eligibility is open to everyone except current and former WazirX employees and their immediate family members. Participants must submit detailed information, including addresses, transactions, and tracking methodologies.
To ensure the integrity and confidentiality of the process, all submissions must be kept confidential and not disclosed to third parties. For the Track & Freeze Bounty, participants must provide clear evidence linking the tracked addresses to the stolen funds and demonstrate how these funds can be tracked. For the White Hat Recovery Bounty, participants must use legal and ethical methods and provide a detailed proof of concept for recovering the funds.
As part of its response, WazirX has filed a police complaint and informed relevant authorities, including the Financial Intelligence Unit (FIU) and CERT-In.
The co-founder, Nischal Shetty, reported that WazirX is also reaching out to over 500 cryptocurrency platforms to block addresses linked to the stolen funds. This effort is important as the stolen assets always move across various exchanges.
Moreover, WazirX is also working with cryptocurrency transaction tracking experts to provide ongoing monitoring and support in the recovery process. In a statement yesterday, Shetty acknowledged the support from the Web3 community and highlighted the importance of collective action in addressing this issue.
The exchange’s team is currently analyzing data to assess the full extent of the attack’s impact. This analysis will inform the development of an effective recovery strategy and measures to address customer fund impacts.
The breach is the second-largest hack of a centralized exchange in recent times. Crypto investigator ZachXBT reported that the hacker’s wallet still holds over $104 million in unmoving funds.