It was the morning of July 18 when WazirX crypto exchange founder Nischal Shetty received a dispatch call on WhatsApp from the Vice President of a Web3 cyber security firm. The call was an alert for Shetty that hackers were fast draining wealth from a cold multi-signature wallet of his exchange.
The drained amount was of massive proportions: $234.9 million, or Rs 2000 crore, worth of cryptocurrencies that belonged to 4.4 million users in India. Initially, Shetty couldn’t believe his ears and demanded proof of the hack from the security firm.
The firm complied with the evidence, but by the time WazirX management could initiate their countermeasures, the damage was done. Its ramifications are still seen three months later, as lakhs of users anxiously await retrieval of their suspended funds in the exchange.
The security firm that first alerted Nischal Shetty was Cyvers, and today The Crypto Times team had the opportunity to interact with its vice president, Michael Pearl, about rising cyber crime challenges in the web3 finance domain, chilling patterns in the workings of hackers and scammers, and how Artificial Intelligence can serve as an efficient tool to pre-empt hacking instances and prevent them.
In this freewheeling discussion with The Crypto Times Editor Vaibhav Jha, Pearl shares some never-before-reported insights from India’s biggest crypto exchange hack, the WazirX hack.
The Crypto Times: “Hello Michael, tell us about how Cyvers spotted the WazirX hack on July 18 morning.”
Michael: “Hello Vaibhav, so WazirX had this beautiful infrastructure that was supposed to protect them. Any security firm, before the July 18 hack, would have told you that the WazirX multi-sig wallet is safe since there are multiple custodians as signers and, on top of that, they have Liminal Custody as security partner. But nothing worked on July 18 morning.”
“WazirX was targeted by a malicious smart contract that was designed, in the first place, for the only objective of exploiting a wallet address. We deploy an AI mechanism to monitor blockchain transactions, detect anomalies and analyze malicious smart contracts. Using our AI engines, we found out within minutes that a malicious smart contract had been deployed on a cold multi-sig wallet, draining its wealth. However, we didn’t know immediately who the owner of the exchange was.”
“For that link to work, we need to work with the organization to deploy both a real-time monitoring mechanism and a defense firewall. We were the first ones to detect the WazirX hack and we say with almost certainty that we could have prevented the hack had we been working with the organization.”
The Crypto Times: “You have analyzed the WazirX hack and in a recently published security report by Cyvers, there were 61 other major hacking incidents reported in 2022-23. Did you see any particular pattern emerging among hackers? Do you see this as the work of an organization or a rogue state-sponsored project?”
Michael: “To be honest, it’s quite diverse, you have a mix of everything. Not too long ago, two brothers from Canada were indicted for stealing $20 million, so we do have those occasional hackers who operate from their basements and garages.”
“But when we talk about big cases like those of WazirX and BingX, we are not talking about small timers, we are talking about either country-sponsored hackers or conglomerates, as we saw in the WazirX case where there is a possibility that this could be the work of the Lazarus Group. It’s a big boys’ game where you need to have funds, serious hardware, people with the right skill set and infrastructure.”
“The new era of hackers is super sophisticated. They are now deploying AI technology and Quantum Computing; they are light years ahead of the methods applied by the web3 companies even today. So there needs to be a different set of solutions that will counter hackers.”
The Crypto Times: “Tell us about the real-time monitoring aspect of Cyvers.”
Michael: “We deploy AI technology and we have several AI engines that are trained on previous hacks. With the help of the AI mechanism, we can even accurately predict and counter a ‘Zero Day Attack’, which means an attack that has not happened yet. We also use a transaction firewall where we analyze every transaction coming into and going out from the company, catch the malicious smart contracts and block them altogether.”
The Crypto Times: “What has been the real time response of affected companies in these 61 hacking incidents that Cyvers studied?”
Michael: “We have statistics that say that the average response time of companies was four hours. The affected companies have had several audits done by multiple agencies and yet it was not enough. Hackers love odd timings such as the middle of the night, weekends and holidays to attack and naturally, it takes time to get to know about the hack. But it’s very frustrating to call up companies and tell them that they are being hacked, and we do it on almost an everyday basis now. Because we could see that person’s life savings draining out of wallets and there is nothing that can be done at that moment. It is very unfortunate what is happening with the WazirX users in India.”