On July 18, WazirX, one of India’s leading cryptocurrency exchanges, was hit by a massive cyberattack that resulted in the loss of around $234.9 million (approximately Rs 2000 crore) of investor funds from the exchange.
The attack has left thousands of WazirX customers shocked, angry, and clueless about their investments. Multiple investigative agencies, including the FBI, and, in parallel, crypto sleuths have launched probes into the attack, but there seems to be no breakthrough in the case yet. What has transpired since then is a classic tale of obfuscation by the platform owners amid an unsettling environment of anxiety that has engulfed India’s crypto landscape.
In this exclusive article, we will break down what actually transpired during India’s biggest crypto hack, how WazirX responded to it through a supposedly “unfair” settlement policy, and what other exchanges could learn from the fiasco.
What Happened on July 18?
On July 18, a cybersecurity firm ‘Cyvers Alerts’ reported a massive breach in the multi-sig wallet of WazirX, where unauthorized transactions were made to transfer funds worth $234.9 million to a different wallet on the Ethereum network. The stolen funds amounted to at least half of the investor funds of WazirX as per their proof of reserve report in June 2024 in which the total holdings were valued at $503.64 million. Soon enough, the official Twitter handle of WazirX confirmed the hack and halted all withdrawals from their exchange.
How much did WazirX lose in the cyber attack?
Lookonchain, a blockchain explorer, revealed detailed information about the stolen assets. Over 200 different cryptocurrencies were taken in the attack, including a staggering 5.43 billion SHIB tokens, over 15,200 Ethereum tokens, 20.5 million Matic tokens, 640 billion Pepe tokens, 5.79 million USDT, and 135 million Gala tokens. The sheer volume of assets stolen has had a considerable impact on the market value of these cryptocurrencies and on WazirX’s overall standing in the industry.
What led to the security breach at WazirX?
On the technical side, there are several possible explanations for how the hack occurred. It could be attributed to security flaws, insufficient security protocols, weak API security, inadequate monitoring and response systems, or outdated software. Given that WazirX is one of the major exchanges in India, these potential issues are surprising and concerning. The hack raises questions about the overall robustness of their security measures and whether they were adequately prepared for such an attack.
Lazarus Group’s involvement?
Some security experts have pointed to the Lazarus Group, a notorious North Korean hacking collective, as a possible culprit. This group has been linked to several significant cryptocurrency attacks in recent years. For instance, in June 2023, Lazarus Group breached Atomic Wallet, stealing over $35 million worth of cryptocurrency. They employed sophisticated methods, such as phishing attacks to obtain private keys and using cryptocurrency mixers to launder stolen funds. The group’s pattern of targeting exchanges and wallets to fund North Korea’s regime raises concerns that they might be behind the WazirX attack as well.
Blockchain data indicates that the stolen assets are being offloaded through the decentralized exchange Uniswap. Risk management firm Elliptic has reported ties between the hackers and Lazarus Group, reinforcing the suspicion that this attack was orchestrated by a highly skilled and well-resourced hacking organization.
Insider Attack?
Speculation about the involvement of an insider in the hack is also circulating. An insider with privileged access to sensitive data or systems could have facilitated the breach or may have been involved in some way. The potential lack of segregation of duties and privileges within the exchange could have made it easier for someone to misuse their access for malicious purposes. Additionally, phishing attacks and other social engineering tactics might have played a role in the breach.
How WazirX responded: Dubious “55/45” compensation plan
The immediate action by WazirX to halt all withdrawals from their platform left many customers stranded, unable to access their funds during the critical recovery period.
The compensation plan offered by WazirX has been met with dissatisfaction. The exchange proposed a “55/45” loss-sharing ratio for users. According to this plan, users with 100% of their tokens in the “not stolen” category would receive 55% of those tokens back. The remaining 45% would be converted to USDT-equivalent tokens and locked. As per WazirX’s co-founder Nischal Shetty, this approach was intended to distribute the impact of the loss equitably, but it was not well received by the customers.
Many customers have now demanded a CBI inquiry against WazirX owners and are seeking clarification on various aspects of the breach, including the details of the attack, external security audits, asset management, trading suspension, insurance, and the timeline for resolving withdrawals.
What WazirX really lost: Eroding trust of their customers
It has been over two weeks since the attack, but the exchange has failed to come up with a clear and satisfactory response, which has further fueled customer anger. There has been criticism over the exchange’s handling of the situation and questions about whether the compensation plan genuinely addresses the needs of affected users. WazirX has acknowledged the criticism and expressed a willingness to accept feedback and explore various resolution actions.
As time slips away, WazirX is likely to lose more customers if it does not come up with a concrete compensation plan for them.
What can other Indian Exchanges learn from WazirX hack?
Following the hack, other major Indian crypto exchanges, such as CoinSwitch and CoinDCX, have reassured their customers about the security of their funds. CoinDCX’s CEO, Sumit Gupta, emphasized the robustness of their wallet security, while CoinSwitch’s Ashish Singhal advised investors to exercise caution during this volatile period. These exchanges have taken proactive steps to ensure that their systems are secure and that their customers’ assets are protected in cold wallets.
WazirX has faced numerous challenges in recent years, including a significant fallout with Binance in early 2023. The exchange’s separation from Binance, following a dispute over ownership, has further complicated its situation.
Conclusion
The WazirX hack has been a sobering reminder of the vulnerabilities that even major crypto exchanges can face. It underscores the need for enhanced security measures, clear communication, and robust incident response plans. Despite the current challenges, there is still hope that WazirX will recover from this incident. The exchange’s commitment to transparency, user support, and recovery efforts will be crucial in determining how well it can rebuild trust and move forward.