Officials from India's top financial regulatory agencies met with the founders of WazirX | (Image Credit: Pixabay)
Key Takeaways
The WazirX hacked wallet, which lost over $235M worth of crypto assets, is currently at a $200M balance.
WazirX is reportedly rebalancing its assets by buying and replenishing hacked tokens.
WazirX claimed that, if approved by the Singapore court, the proceedings would be the fastest reimbursement in crypto history.
WazirX has started replenishing its hacked wallet, which lost over $230 million worth of crypto assets in the July hack. The balance of the wallet reached over $200 million as WazirX started buying stolen assets from exchanges.
The USD value of assets like SHIB, ETH, PEPE, USDT, FLOKI and LINK now closely resembles their value at the time of the WazirX hack and aligns with the reimbursement amounts calculated.
WazirX Says Balancing Ongoing
Users reported the movement of funds to and from WazirX to foreign crypto exchanges. The crypto exchange said it was in the process of rebalancing tokens.
As part of this, users may notice fund movements between various cold wallets. The exchange said that temporary asset consolidation is necessary before final allocations to secure cold wallets:
“Once the rebalancing and wallet management efforts are complete, we will share a comprehensive list of all cold wallets and the respective tokens held.”
The crypto exchange noted that once the Scheme is approved by the requisite majority of creditors and sanctioned by the Singapore Court, an initial distribution of net available liquid assets will commence within ten business days of the Scheme becoming effective.
Masud Alam reportedly created a fake WazirX account under the name of Souvik Mondal and sold it via Telegram to another individual. The buyer of the fake WazirX account allegedly used it to drain multiple WazirX crypto wallets.
The report also noted that Liminal, WazirX’s custody partner, has refused to cooperate with the investigation.
The Delhi Cybercrime Department was aided by the Indian Cybercrime Coordination Centre (IFSO) in the investigation. The early investigation found no evidence of unauthorized access to WazirX’s systems, locally or remotely.
The hack pattern and methods used to launder stolen funds were believed to be linked to the Lazarus group. The arrest of the Indian individual and subsequent investigation could potentially lead to the real culprits.
CoinSwitch CEO Accuses WazirX of Transferring Funds After Hack
Ashish Singhal, CEO of Indian crypto exchange CoinSwitch, has taken to X to share damning evidence of WazirX’s alleged fund movements in the aftermath of its July hack.
As CoinSwitch pursues legal action against WazirX, Singhal claims that his team has closely tracked the embattled exchange’s wallet movements.
According to his analysis, WazirX has transferred substantial sums to foreign crypto exchanges such as Bybit and KuCoin.
CoinSwitch’s data reveals that WazirX moved approximately $72.13 million in user funds to Bybit and an additional $1.5 million to KuCoin.
The Indian crypto exchange alleged WazirX made these transfers without notifying its customers, who are owed hundreds of millions of dollars.
In a move that has sparked outrage among Indian cryptocurrency influencers, WazirX has promised to return only 55% of the total funds after a moratorium process, leaving many customers in the dark about their remaining assets.
Moreover, allegations have surfaced that WazirX has been using customer funds to finance its legal battle in Singapore after abruptly halting withdrawals following the hack.
The exchange’s opaque handling of the situation has raised serious questions about its commitment to transparency and customer protection.
WazirX Files Details of 240,000 Exchange Wallets
On Oct. 17, the Indian crypto exchange, which is currently pursuing a restructuring, filed an affidavit with the High Court of Singapore detailing the balance of its 240,000 exchange wallets.
The company announced that the document will be shared with creditors as part of the restructuring of Zettai Pte Ltd, the exchange’s parent company.
Last month, the court ordered WazirX to disclose its crypto holdings, including wallet addresses.
The exchange acknowledged that the number of wallets may be higher than expected but attributed this to the need for a complex network of addresses across various blockchains to manage its 4.3 million users’ crypto balances.
“Many of you may have expected a smaller number, maybe between ten to a few hundred wallets. But as part of our commitment to complete transparency, we’re here to reveal the true scale of the wallets held under WazirX.”
However, the revelation raises questions about the exchange’s handling of customer funds.
Notably, at the time of a recent hack, WazirX had $230 million in customer assets stored in a single wallet, sparking concerns about the company’s risk management practices.
The discrepancy between the large number of wallets and the concentrated storage of funds has left many wondering why the exchange did not distribute its assets more widely, mitigating potential losses in the event of a security breach.
Indian Agencies Meet WazirX Founders
According to local media reports, a team of 10 officials from India’s top financial regulatory agencies met with the founders of WazirX over the past two weeks to discuss the company’s involvement in a massive hacking incident.
The officials, representing the Financial Intelligence Unit, Intelligence Bureau, and the Indian Computer Emergency Response Team, converged on WazirX’s Mumbai office to gather information on the hack, which resulted in the loss of $235 million.
The regulators reportedly investigated server and laptop logs, transaction trails, and the blockchain addresses linked to the hacking.
While no physical electronics were confiscated during the meeting, the officials did collect crucial data as part of their preliminary investigation. People familiar with the inquiry said the government is deeply concerned about the hack’s impact on India’s retail market.
Government agencies have contacted WazirX to better understand the company’s internal workings, including its transaction processes and liquidity management.
The hacking incident has highlighted the risks associated with the largely unregulated cryptocurrency sector. According to a person aware of the investigation, “Grey areas” in the sector’s regulatory framework allegedly contributed to the hack.
Customers who claim the exchange kept them in the dark about the hacking incident have welcomed the Indian government’s involvement in the WazirX case.
An online campaign had been calling for action against the exchange, and the authorities’ probe marks a new development in the case.
What’s Next For WazirX Hack Victims?
WazirX is currently in the middle of a restructuring process in Singapore after a court-approved conditional four-month moratorium for the exchange.
The court ordered WazirX to reveal its current funds and publicize its hacked wallets.
While the crypto exchange has promised to reimburse 55% of users’ funds after the restructuring process, it was heavily criticized for going to Singapore for the restructuring.
WazirX, on the other hand, claimed that since Zettai, the private company behind WazirX, is incorporated in Singapore, any legal remedy will be done via Singapore.
However, the crypto exchange’s handling of the customer’s plea made it difficult for hack victims to trust it.
Now, with the Indian government agencies involved, WazirX hack victims hope the Nischal Shetty-led business doesn’t cheat its customers.
WazirX Hacker Launders Stolen ETH
By the final week of September, hackers behind the WazirX hack had laundered nearly all of the stolen funds, just as the crypto exchange entered its restructuring process.
The laundering process began on Sept. 3, with the hacker moving batches of 5,000 Ether (ETH) to Tornado Cash, a crypto mixing service.
The hacker used a very simple two-step method to launder the funds. They first transferred 5,000 ETH to a new address and then funneled the same amount through Tornado Cash in smaller batches.
According to Arkham data, most of the stolen funds were laundered within 22 days.
Arkham charts show a sharp rise in the hacker’s ETH balance on July 18, the day of the hack, followed by a gradual decline as the funds were moved to Tornado Cash.
By Sept. 29, the wallet’s ETH balance had returned to pre-hack levels.
WazirX hacker wallet. Source: Arkham
As legal experts from the exchange assert that a full recovery is extremely unlikely, the hackers’ decision to move the stolen funds to Tornado Cash could potentially complicate matters further.
WazirX Users Might Never Recover Their Hacked Crypto
The revelation came just a week after WazirX canceled all outstanding orders on its platform and announced a restructuring plan, citing its ongoing dispute with Binance.
During the meeting, the exchange’s co-founder, Nischal Shetty, addressed the community’s concerns and provided updates on the restructuring process.
One of the most contentious issues raised was WazirX’s decision to seek restructuring in Singapore rather than India.
Panelists attributed the move to the protracted legal battle with Binance, adding that Singapore was the preferred choice due to Zettai’s presence in the country, which holds users’ crypto assets.
While addressing questions on potential chances of recovery, the legal expert on the panel noted that it’s implausible that the customers who have lost funds due to the hack will be made whole in crypto terms.
According to estimates, users who lost funds in the hack can expect to recover only 52-57% of their crypto portfolio.
To illustrate, a user who lost 100 Ether (ETH) before the hack might recover only 52-57 ETH.
While the expert offered a glimmer of hope, suggesting that the exchange might recover the US dollar value if crypto markets surge in the future, the news was a bitter pill for many users who had pinned their hopes on a full recovery.
Seeking Court Protection Amid $234M Hack and CoinSwitch Dispute
WazirX has sought refuge in the Singapore High Court, requesting a six-month breathing room to restructure its liabilities following a $234 million hack in July.
This move came as rival exchange CoinSwitch, which claims to have $9.6 million in deposits tied up on the exchange, prepared to take legal action to recover its assets.
In a bid to stave off potential lawsuits, including CoinSwitch’s, WazirX’s parent company, Zettai Pte, filed for a moratorium, which would grant the exchange reprieve from creditor claims.
As WazirX navigates the complex web of ownership disputes with Binance and potential investor interest, the exchange is racing against time to find a “white knight” to assist with the restructuring.
With over 9,700 withdrawal-related inquiries and four legal notices pending, the pressure is mounting on WazirX to deliver a solution to its 16 million users, who have been left reeling from the devastating hack.
WazirX has also allocated $12 million in cryptocurrency tokens to cover anticipated investigation and legal costs related to the hack and subsequent proceedings.
“Please note that all open orders currently placed on WazirX will be canceled. Any INR and crypto assets blocked in these open orders will be added to your respective balances. This step is part of our ongoing efforts to resolve the issue surrounding INR and crypto balances on the platform.”
It remains uncertain if the exchange’s cancellation of open orders was directly related to the July hack.
Despite the exchange’s claims of reliability, its native token, WazirX (WRX), has seen a dramatic decline of 97% from its all-time high of $5.88 in April 2021, according to CoinMarketCap data.
At the time of writing, WRX had increased by 3.48% to $0.16. This uptick came after a significant 25% drop on July 19, when the price fell from $0.16 to approximately $0.12, coinciding with the timing of the hack.
WazirX Promises Full Restoration
Initially, WazirX reported it would send emails to users affected by the hack detailing the impacted trades, how much of their funds would be returned, and more.
The exchange promised to refund Tax Deducted at Source (TDS) related to the affected trades.
WazirX also noted that trades involving INR or crypto executed after 1 PM IST on July 18, 2024, will be restored.
The beleaguered exchange asserted that the decision to restore users’ balance to what they were was not made lightly. WazirX shared that it aims to protect the integrity of its platform and facilitate an equitable outcome for users following the hack.
Seemingly, this is a major shift from its previous proposal, where it aimed to share the losses with its users.
Backlash Over Socialized Losses
Before the restoration announcement, WazirX proposed a controversial “socialized losses” plan, dubbed the “55/45 approach.”
The proposal was met with significant backlash from users, as it allowed only 55% of their assets to be traded on the exchange, while the remaining 45% would be converted into Tether (USDT) or other tokens and locked on the platform.
This plan would have affected all users, not just those impacted by the recent hack.
However, given the widespread frustration seen in the polls, with users criticizing the plan as unfair and questioning the exchange’s transparency, the plan didn’t go through.
WazirX’s CEO, Nischal Shetty, clarified that the poll was meant to gather feedback, not make a binding decision.
WazirX Halts Trading, Announces Bounty of $23M
The substantial loss has compromised WazirX’s ability to maintain the crucial 1:1 collateral ratio with its assets, raising serious concerns about the sufficiency of the exchange’s reserves and its capacity to reimburse customers fully.
The exchange also decided to launch a bounty program with a total allocation of $23 million to address its recent security breach. The program is structured into two main categories:
Track & Freeze: This category rewards individuals who provide timely information that leads to the tracking and freezing of stolen funds.
White Hat Recovery: This category is designed for ethical hackers who can help in recovering the assets compromised during the breach.
The bounty program is initially set to run for three months, with the possibility of an extension depending on its success and ongoing needs. WazirX has expressed its commitment to prolonging the program if it yields positive results and further action is deemed necessary.
“Our foremost goal is to recover the stolen funds. This bounty program is designed to tap into the expertise of the community to achieve this critical objective. We remain committed to transparency and collaboration, reinforcing our dedication to a secure and resilient digital finance ecosystem.”
North Korean Hackers Suspected in Massive WazirX Crypto Heist
Based on its on-chain analysis, blockchain analytics firm Elliptic identified North Korean hackers as the prime suspects in the $235 million WazirX exploit on July 18.
At the time of writing, the hackers had pocketed over 45% of the exchange’s total funds and were reportedly on the run.
The hackers siphoned nearly $235 million worth of crypto assets, spanning over 200 unique tokens. This included approximately $96.7 million in Shiba Inu (SHIB), $52.6 million in Ether (ETH), $11 million in Polygon (MATIC), and $7.6 million in Pepe (PEPE).
The blockchain security firm noted that the thief had already converted several of these tokens into Ether using various decentralized services, frequently used by hackers to launder money.
Blockchain sleuth ZachXBT, after tracing the origins of the WazirX hack from the initial exploiter address, suggested on X that the attack bears similarities to a Lazarus Group operation.
The Lazarus Group, a notorious North Korean cybercrime syndicate, has been implicated in various high-profile cyber incidents since 2010. It ventured into targeting the cryptocurrency sector in 2017 and is believed to be responsible for several major heists, including the $600 million theft from the Ronin Bridge.
WazirX Halts Withdrawals After Massive Hack
Indian crypto exchange WazirX suspended withdrawals on July 18 following a hack that drained nearly half its reserves. The exchange blamed the incident on a “force majeure event” and actively worked to recover the stolen funds.
At WazirX, our commitment to transparency and community welfare is paramount. There was a cyber attack on one of our multisig wallets. Below are the preliminary findings to clarify the situation:
» Incident Overview: A cyber attack occurred in one of our multisig wallets…
— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 18, 2024
According to a threat intelligence report from blockchain research firm TRM, by June 24, 2024, hackers had stolen $1.38 billion, a significant increase from $657 million stolen by the same date the previous year.
The report also highlights that in May, the Japanese cryptocurrency exchange DMM Bitcoin was hit by the year’s largest attack, with over 4,500 BTC stolen. At the time of the theft, these bitcoins were valued at over $300 million.
Hackers Move Over $234.9M from WazirX in Suspected Crypto Heist
According to the security platform Cyvers, which flagged multiple suspicious transactions on the platform, hackers moved over $234.9 million worth of funds from WazirX to a new address. The security firm noted that the caller of each transaction was funded through the crypto mixing service Tornado Cash, highlighting potential concerns about the source of the funds.
🚨ALERT🚨Hey @WazirXIndia, Our system has detected multiple suspicious transactions involving your Safe Multisig wallet on the #ETH network.
A total of $234.9M of your funds have been moved to a new address. Each transaction's caller is funded by @TornadoCash.
Cyvers reported that the address linked to the hackers had begun converting PEPE, GALA, and USDT into Ethereum. The security firm confirmed active swapping of other assets as well. Despite their attempts to contact WazirX, Cyvers has yet to receive a response.
Cyvers also told CCN that, in the case of WazirX, it assisted in tracking the stolen funds and provided comprehensive data to aid the recovery efforts.
It confirmed:
“At this moment, we do not have further updates on the recovery of the stolen assets. Our focus remains on providing detailed and actionable intelligence to support their recovery processes.”
In his Telegram post, popular on-chain detective ZachXBT also sounded the alarm on the incident, sharing information such as the theft address.
WazirX did not immediately respond to CCN’s request for comment.
Hackers Unload Millions in SHIB, MATIC, PEPE After WazirX Breach
The compromised wallet has been actively offloading the stolen assets, including 640.27 billion PEPE tokens, valued at approximately $7.6 million. Additionally, it transferred substantial amounts of other cryptocurrencies: 20.5 million MATIC tokens worth $11.2 million and a massive 5.4 trillion SHIB tokens valued at $102.1 million. The wallet also moved 15,298 ETH during the breach, equivalent to $52.5 million. These transfers have raised serious concerns among WazirX users about the security of their funds. Nevertheless, WazirX has reassured its users that their funds remain secure following the hack.
According to on-chain data, the hacker held approximately $211 million in cryptocurrencies at press time, with the majority of the assets in the wallet, including $4.7 million in Floki (FLOKI), $3.2 million in Fantom (FTM), $2.8 million in Chainlink (LINK), and $2.3 million in Fetch.ai (FET).
The remaining funds were distributed among a diverse array of other tokens.
WazirX Halts Withdrawals After Security Breach
In response to the security breach, WazirX acknowledged the incident through its Telegram announcement channel. The exchange stated that its team is actively investigating the matter.
As a precautionary measure, WazirX has temporarily paused both Indian Rupee (INR) and crypto withdrawals to address the situation and prevent further unauthorized transactions.
Binance Clarifies Non-Ownership in WazirX’s Parent Company
In May this year, amidst regulatory changes, Binance confirmed it had been entangled in internal disputes with WazirX since 2022. WazirX was perceived as Binance’s local arm after allegations surfaced that Binance controlled the WRX token.
Following a prolonged public disagreement, former Binance CEO Changpeng Zhao clarified that Binance does not hold any shares in Zanmai Labs, the parent company of WazirX.