Michael Pearl, the vice president of Cyvers, a cyber security firm that first reported the Rs 2000 crore WazirX hack, claimed that he alerted exchange co-founder Nischal Shetty to the hacking attempt on the morning of July 18, and that Shetty did not believe it at first. In a recent interview with Indian crypto influencer Aditya Singh (X handle: Cryptooady), Michael shared insights from the morning of July 18, when unknown hackers breached the multi-sig wallet of the WazirX exchange and stole cryptocurrencies worth $234.9 million, i.e. over Rs 2000 crore.
According to Michael, the Cyvers team noticed highly unusual activity on a certain “flagged” wallet on the morning of July 18: millions of dollars worth of cryptocurrencies were draining fast. Soon, they realised that a WazirX wallet was the victim of a “massive hack”. Cyvers didn’t get any response from WazirX management for the initial 30 minutes after the suspicious activity was reported. Michael claimed that he reached out to WazirX co-founder Nischal Shetty on WhatsApp via a mutual friend.
“We have a security operations centre at Cyvers and its head informed us around 10 am that listen I see a huge hack and I know that it’s a WazirX wallet…Even though WazirX wasn’t our client, we gave them the courtesy of reaching out to them before we went public. I reached out to Nischal initially on Whatsapp and then moved on to Telegram. At first, he wanted a proof which is totally understandable. So we sent him screenshots, hash, Ether scan and he realized that it’s the real deal (sic),” said Michael.
The interview of Michael Pearl with Aditya Singh is available on YouTube. Pearl further added that after Shetty realized the WazirX wallet was being hacked, he opened his war room, but it was too little, too late.
“But to be honest, after you get hacked, there’s not much you can do. All the necessary steps that you can do, should be done beforehand and not afterwards. You can now only assess the magnitude of the damage and see what you can do about it,” said Michael.
Pearl explained that Cyvers has special methods to identify which wallets belong to exchanges, even if they aren’t direct clients, by tracking wallets across the blockchain. While he couldn’t share specifics for security reasons, he confirmed that Cyvers has consistently identified wallets involved in hacks. Though the system isn’t 100% foolproof, it provides highly accurate alerts.
Pearl also claimed that WazirX management could have avoided the hack if it had deployed real-time monitoring.
“In the case of WazirX, for sure if they would have worked with us in the first place, we could have warned them, we could have prevented it. They were attacked by a malicious smart contract that was deployed like a ticking bomb. So if we were tracking their wallets, we could have added the smart contract to the blacklist and they could have prevented it,” said Michael.
According to Michael, the hack targeted WazirX’s multi-signature wallet, which is supposed to be more secure because multiple people need to approve any change.
After the hack, the hackers moved around $45 million of the stolen money through Tornado Cash, a service that hides where money is coming from. Pearl said that Cyvers can still follow the money on the blockchain, but it becomes much harder to trace once it has been mixed. Hackers often try to convert stolen crypto into regular money, or use it on peer-to-peer (P2P) platforms, exchanges with weak Know Your Customer (KYC) procedures, or black-market platforms.
Pearl said, “At the end of the day hacking is just like a start in startup, it’s a malicious startup and an operational money.”
When asked if WazirX could get its money back, Pearl wasn’t hopeful. He said only about 25% of people who try to recover stolen funds are successful through the bounty program, which is just a way of returning the money from the hacker to the victim, and the rest can usually get back only a small amount. Sometimes hackers offer to return part of the money for a ransom, but this is not a reliable way to recover funds. Pearl said the best way to protect your money is to stop the hack before it happens.
The WazirX hack had a big impact on India’s crypto community. Pearl also shared a worrying statistic that attacks on centralized exchanges have surged by 900%, yet many exchanges still rely on internal security rather than hiring dedicated cybersecurity firms which could detect attacks before they happen.