India’s Largest Crypto Heist: WazirX Faces NCLT Petition After $230 Million Theft, Halts Withdrawals

On July 18, 2024, WazirX, one of India’s leading cryptocurrency exchanges, was the target of a significant cyber attack that resulted in the theft of digital assets valued at over $230 million. The attack compromised one of the exchange’s multisig wallets, which was managed using Liminal’s digital asset custody and wallet infrastructure. This incident has severely impacted WazirX’s ability to maintain 1:1 collateral with assets.

Immediate Response and Actions Taken

In response to the attack, WazirX swiftly implemented several critical measures:

1. Reporting the Incident: The exchange promptly filed an online complaint through the National Cyber Crime Reporting Portal and is in the process of submitting a physical complaint. Additionally, WazirX reported the incident to the Financial Intelligence Unit (FIU) India and CERT-In to ensure a comprehensive response from the relevant authorities.
2. Exchange Notifications: To prevent further damage, WazirX proactively reached out to over 500 exchanges, requesting them to block the identified addresses linked to the theft. Many exchanges have cooperated, and WazirX is actively working with them to support recovery efforts.
3. Engaging Cybersecurity Experts: WazirX is collaborating with top cybersecurity experts to assist in investigating the attack and recovering the stolen assets. These experts are helping analyze the incident, identify vulnerabilities, and develop strategies for asset recovery. Preliminary findings from these efforts have been made available.
4. Launching a Bounty Program: To incentivize the recovery of stolen assets, WazirX introduced a bounty program offering up to $10,000 worth of USDT for actionable intelligence leading to the freezing and recovery of the funds. Additionally, the exchange is offering a White Hat Bounty of up to $23 million for those who assist in this endeavor.
5. Suspending Deposits and Withdrawals: To protect user assets, WazirX temporarily paused all INR and crypto deposits and withdrawals on its platform.
6. Halting Trading Activities: While the exchange initially advised against trading due to the partial collateralization of assets, it has now decided to pause all trading activities. This will allow WazirX to thoroughly examine the affected systems, forensic data, and conduct a comprehensive security audit.

Next Steps and Ongoing Efforts

1. Forensic Analysis: WazirX is continuing to analyze all available forensic data in collaboration with industry experts to fully understand the scope of the attack and devise effective recovery strategies.
2. Enabling Withdrawals: The exchange’s team is diligently working on re-enabling fund withdrawals. This process requires careful forensic analysis and security audits, which take time. WazirX appreciates the patience of its users and assures them that their safety and security remain the exchange’s top priority.
3. Regular Updates: WazirX is committed to keeping its community informed with regular updates as progress is made in this complex situation. The exchange aims to maintain transparency and address any concerns users may have.

Force Majeure and Commitment to Recovery

This unfortunate event is a force majeure beyond WazirX’s control, but the exchange is doing everything in its power to locate and recover the stolen funds. While some of the stolen assets have been successfully tracked and blocked, further details cannot be disclosed at this time. WazirX is collaborating with top resources and experts to assist in the recovery efforts.

Important Information for Users

Stay Vigilant: Users should be aware of scam bots impersonating official WazirX accounts and potential phishing attempts. WazirX will never ask for private keys or passwords. All official communications will come from the exchange’s verified channels. The official website and X (Twitter) accounts can be accessed here and here. Suspicious activities should be reported immediately, and a continuously updated list of fake websites and handles is available here.

Affected Ethereum Wallet Address: 0x27fD43BABfbe83a81d14665b1a6fB8030A60C9b4

Contact WazirX: For any queries or further information, users are encouraged to reach out to the support team via WazirX Support.

About The Author