
WazirX $235M Hack: Indian Exchange Replenishes Hacked Wallet, Reimbursement Near?

By Prashant Jha
Edited by Insha Zia
Key Takeaways
  • The WazirX hacked wallet, which lost over $235M worth of crypto assets, is currently at a $200M balance.
  • WazirX is reportedly rebalancing its assets by buying and replenishing hacked tokens.
  • WazirX claimed, if approved by the Singapore court, the proceedings would be the fastest reimbursement in crypto history.

WazirX has started replenishing its hacked wallet, which lost over $230 million worth of crypto assets in the July hack. The balance of the wallet reached over $200 million as WazirX started buying stolen assets from exchanges.

The USD value of assets like SHIB, ETH, PEPE, USDT, FLOKI and LINK now closely resembles the time of the WazirX hack and aligns with the reimbursement amounts calculated.

WazirX Says Balancing Ongoing

Users reported the movement of funds to and from WazirX to foreign crypto exchanges. The crypto exchange said it was in the process of rebalancing tokens.

As part of this, users may notice fund movements between various cold wallets. The exchange said that temporary asset consolidation is necessary before final allocations to secure cold wallets:

“Once the rebalancing and wallet management efforts are complete, we will share a comprehensive list of all cold wallets and the respective tokens held.”

The crypto exchange noted that once the Scheme is approved by the requisite majority of creditors and sanctioned by the Singapore Court, an initial distribution of net available liquid assets will commence within ten business days of the Scheme becoming effective.

Police Arrest Accused Behind Fake Account

Masud Alam reportedly created a fake WazirX account under the name of Souvik Mondal and sold it via Telegram to another individual. The buyer of the fake WazirX account allegedly used it to drain multiple WazirX crypto wallets.

The report also noted that Liminal, WazirX’s custody partner, has refused to cooperate with the investigation.

The Delhi Cybercrime Department was aided by the Indian Cybercrime Coordination Centre (IFSO) in the investigation. The early investigation found no evidence of unauthorized access to WazirX’s systems, locally or remotely.

The hack pattern and methods used to launder stolen funds were believed to be linked to the Lazarus group. The arrest of the Indian individual and subsequent investigation could potentially lead to the real culprits.

CoinSwitch CEO Accuses WazirX of Transferring Funds After Hack

Ashish Singhal, CEO of Indian crypto exchange CoinSwitch, has taken to X to share damning evidence of WazirX’s alleged fund movements in the aftermath of its July hack.

As CoinSwitch pursues legal action against WazirX, Singhal claims that his team has closely tracked the embattled exchange’s wallet movements.

According to his analysis, WazirX has transferred substantial sums to foreign crypto exchanges such as Bybit and KuCoin.

CoinSwitch’s data reveals that WazirX moved approximately $72.13 million in user funds to Bybit and an additional $1.5 million to KuCoin.

The Indian crypto exchange alleged WazirX made these transfers without notifying its customers, who are owed hundreds of millions of dollars.

In a move that has sparked outrage among Indian cryptocurrency influencers, WazirX has promised to return only 55% of the total funds after a moratorium process, leaving many customers in the dark about their remaining assets.

Moreover, allegations have surfaced that WazirX has been using customer funds to finance its legal battle in Singapore after abruptly halting withdrawals following the hack.

The exchange’s opaque handling of the situation has raised serious questions about its commitment to transparency and customer protection.

WazirX Files Details of 240,000 Exchange Wallets

On Oct. 17, the Indian crypto exchange, which is currently pursuing a restructuring, filed an affidavit with the High Court of Singapore detailing the balance of its 240,000 exchange wallets.

The company announced that the document will be shared with creditors as part of the restructuring of Zettai Pte Ltd, the exchange’s parent company.

Last month, the court ordered WazirX to disclose its crypto holdings, including wallet addresses.

The exchange acknowledged that the number of wallets may be higher than expected but attributed this to the need for a complex network of addresses across various blockchains to manage its 4.3 million users’ crypto balances.

“Many of you may have expected a smaller number, maybe between ten to a few hundred wallets. But as part of our commitment to complete transparency, we’re here to reveal the true scale of the wallets held under WazirX.”

However, the revelation raises questions about the exchange’s handling of customer funds.

Notably, at the time of a recent hack, WazirX had $230 million in customer assets stored in a single wallet, sparking concerns about the company’s risk management practices.

The discrepancy between the large number of wallets and the concentrated storage of funds has left many wondering why the exchange did not distribute its assets more widely, mitigating potential losses in the event of a security breach.

Indian Agencies Meet WazirX Founders

According to local media reports, a team of 10 officials from India’s top financial regulatory agencies met with the founders of WazirX over the past two weeks to discuss the company’s involvement in a massive hacking incident.

The officials, representing the Financial Intelligence Unit, Intelligence Bureau, and the Indian Computer Emergency Response Team, converged on WazirX’s Mumbai office to gather information on the hack, which resulted in the loss of $235 million.

The regulators reportedly investigated server and laptop logs, transaction trails, and the blockchain addresses linked to the hacking.

While no physical electronics were confiscated during the meeting, the officials did collect crucial data as part of their preliminary investigation. People familiar with the inquiry said the government is deeply concerned about the hack’s impact on India’s retail market.

Government agencies have contacted WazirX to better understand the company’s internal workings, including its transaction processes and liquidity management.

The hacking incident has highlighted the risks associated with the largely unregulated cryptocurrency sector. According to a person aware of the investigation, “Grey areas” in the sector’s regulatory framework allegedly contributed to the hack.

Customers who claim the exchange kept them in the dark about the hacking incident have welcomed the Indian government’s involvement in the WazirX case.

An online campaign had been calling for action against the exchange, and the authorities’ probe marks a new development in the case.

What’s Next For WazirX Hack Victims?

WazirX is currently in the middle of a restructuring process in Singapore after a court-approved conditional four-month moratorium for the exchange.

The court ordered WazirX to reveal its current funds and publicize its hacked wallets.

While the crypto exchange has promised to reimburse 55% of users’ funds after the restructuring process, it was heavily criticized for going to Singapore for the restructuring process.

WazirX, on the other hand, claimed that since Zettai, the private company behind WazirX, is incorporated in Singapore, any legal remedy will be done via Singapore.

However, the crypto exchange’s handling of the customer’s plea made it difficult for hack victims to trust it.

Now, with the Indian government agencies involved, WazirX hack victims hope the Nischal Shetty-led business doesn’t cheat its customers.

WazirX Hacker Launders Stolen ETH

By the final week of September, hackers behind the WazirX hack had laundered nearly all of the stolen funds, just as the crypto exchange entered its restructuring process.

The laundering process began on Sept. 3, with the hacker moving batches of 5,000 Ether (ETH) to Tornado Cash, a crypto mixing service.

The hacker used a very simple two-step method to launder the funds. They first transferred 5,000 ETH to a new address and then funneled the same amount through Tornado Cash in smaller batches.

According to Arkham data, most of the stolen funds were laundered within 22 days.

Arkham charts show a sharp rise in the hacker’s ETH balance on July 18, the day of the hack, followed by a gradual decline as the funds were moved to Tornado Cash.

By Sept. 29, the wallet’s ETH balance had returned to pre-hack levels.

ETH balance in hacker wallet.
WazirX hacker wallet. Source: Arkham

As legal experts from the exchange assert that a full recovery is extremely unlikely, the hackers’ decision to move the stolen funds to Tornado Cash could potentially complicate matters further.

WazirX Users Might Never Recover Their Hacked Crypto

The revelation came just a week after WazirX canceled all outstanding orders on its platform and announced a restructuring plan, citing its ongoing dispute with Binance.

During the meeting, the exchange’s co-founder, Nischal Shetty, addressed the community’s concerns and provided updates on the restructuring process.

One of the most contentious issues raised was WazirX’s decision to seek restructuring in Singapore rather than India.

Panelists attributed the move to the protracted legal battle with Binance, adding that Singapore was the preferred choice due to Zettai’s presence in the country, which holds users’ crypto assets.

While addressing questions on potential chances of recovery, the legal expert on the panel noted that it’s implausible that the customers who have lost funds due to the hack will be made whole in crypto terms.

According to estimates, users who lost funds in the hack can expect to recover only 52-57% of their crypto portfolio.

To illustrate, a user who lost 100 Ether (ETH) before the hack might recover only 52-57 ETH.

While the expert offered a glimmer of hope, suggesting that the exchange might recover the US dollar value if crypto markets surge in the future, the news was a bitter pill for many users who had pinned their hopes on a full recovery.

Seeking Court Protection Amid $234M Hack and CoinSwitch Dispute

WazirX has sought refuge in the Singapore High Court, requesting a six-month breathing room to restructure its liabilities following a $234 million hack in July.

This move came as rival exchange CoinSwitch, which claims to have $9.6 million in deposits tied up on the exchange, prepared to take legal action to recover its assets.

Coinswitch
Source: X.com

In a bid to stave off potential lawsuits, including CoinSwitch’s, WazirX’s parent company, Zettai Pte, filed for a moratorium, which would grant the exchange reprieve from creditor claims.

As WazirX navigates the complex web of ownership disputes with Binance and potential investor interest, the exchange is racing against time to find a “white knight” to assist with the restructuring.

With over 9,700 withdrawal-related inquiries and four legal notices pending, the pressure is mounting on WazirX to deliver a solution to its 16 million users, who have been left reeling from the devastating hack.

WazirX has also allocated $12 million in cryptocurrency tokens to cover anticipated investigation and legal costs related to the hack and subsequent proceedings.

WazirX Cancels Open Orders Amid Ongoing Issues

According to its post on X:
“Please note that all open orders currently placed on WazirX will be canceled. Any INR and crypto assets blocked in these open orders will be added to your respective balances. This step is part of our ongoing efforts to resolve the issue surrounding INR and crypto balances on the platform.”

It remains uncertain if the exchange’s cancellation of open orders was directly related to the July hack.

Despite the exchange’s claims of reliability, its native token, WazirX (WRX), has seen a dramatic decline of 97% from its all-time high of $5.88 in April 2021, according to CoinMarketCap data.

At the time of writing, WRX had increased by 3.48% to $0.16. This uptick came after a significant 25% drop on July 19, when the price fell from $0.16 to approximately $0.12, coinciding with the timing of the hack.

WazirX Promises Full Restoration

Initially, WazirX reported it would send emails to users affected by the hack detailing the impacted trades, how much of their funds would be returned, and more.

The exchange promised to refund Tax Deducted at Source (TDS) related to the affected trades.

WazirX also noted that trades involving INR or crypto executed after 1 PM IST on July 18, 2024, will be restored.

The beleaguered exchange asserted that the decision to restore users’ balance to what they were was not made lightly. WazirX shared that it aims to protect the integrity of its platform and facilitate an equitable outcome for users following the hack.

Seemingly, this is a major shift from its previous proposal, where it aimed to share the losses with its users.

Backlash Over Socialized Losses

Before the restoration announcement, WazirX proposed a controversial “socialized losses” plan, dubbed the “55/45 approach.”

The proposal was met with significant backlash from users, as it allowed only 55% of their assets to be traded on the exchange, while the remaining 45% would be converted into Tether (USDT) or other tokens and locked on the platform.

This plan would have affected all users, not just those impacted by the recent hack.

However, given the widespread frustration seen in the polls, with users criticizing the plan as unfair and questioning the exchange’s transparency, the plan didn’t go through.

WazirX’s CEO, Nischal Shetty, clarified that the poll was meant to gather feedback, not make a binding decision.

WazirX Halts Trading, Announces Bounty of $23M

The substantial loss has compromised WazirX’s ability to maintain the crucial 1:1 collateral ratio with its assets, raising serious concerns about the sufficiency of the exchange’s reserves and its capacity to reimburse customers fully.

The exchange also decided to launch a bounty program with a total allocation of $23 million to address its recent security breach. The program is structured into two main categories:
  • Track & Freeze: This category rewards individuals who provide timely information that leads to the tracking and freezing of stolen funds.
  • White Hat Recovery: This category is designed for ethical hackers who can help in recovering the assets compromised during the breach.

The bounty program is initially set to run for three months, with the possibility of an extension depending on its success and ongoing needs. WazirX has expressed its commitment to prolonging the program if it yields positive results and further action is deemed necessary.

According to Nischal Shetty, Founder of WazirX:

“Our foremost goal is to recover the stolen funds. This bounty program is designed to tap into the expertise of the community to achieve this critical objective. We remain committed to transparency and collaboration, reinforcing our dedication to a secure and resilient digital finance ecosystem.”

North Korean Hackers Suspected in Massive WazirX Crypto Heist

Based on its on-chain analysis, blockchain analytics firm Elliptic identified North Korean hackers as the prime suspects in the $235 million WazirX exploit on July 18.

At the time of writing, the hackers had pocketed over 45% of the exchange’s total funds and were reportedly on the run.

The hackers siphoned nearly $235 million worth of crypto assets, spanning over 200 unique tokens. This included approximately $96.7 million in Shiba Inu (SHIB), $52.6 million in Ether (ETH), $11 million in Polygon (MATIC), and $7.6 million in Pepe (PEPE).

WazirX breach
Source: Elliptic
The blockchain security firm noted that the thief had already converted several of these tokens into Ether using various decentralized services, which are frequently used by hackers to launder money.

Blockchain sleuth ZachXBT, after tracing the origins of the WazirX hack from the initial exploiter address, suggested on X that the attack bears similarities to a Lazarus Group operation.

The Lazarus Group, a notorious North Korean cybercrime syndicate, has been implicated in various high-profile cyber incidents since 2010. It ventured into targeting the cryptocurrency sector in 2017 and is believed to be responsible for several major heists, including the $600 million theft from the Ronin Bridge.

WazirX Halts Withdrawals After Massive Hack

Indian crypto exchange WazirX suspended withdrawals on July 18 following a hack that drained nearly half its reserves. The exchange blamed the incident on a “force majeure event” and actively worked to recover the stolen funds.

According to a threat intelligence report from blockchain research firm TRM, by June 24, 2024, hackers had stolen $1.38 billion, a significant increase from $657 million stolen by the same date the previous year.

The report also highlights that in May, the Japanese cryptocurrency exchange DMM Bitcoin was hit by the year’s largest attack, with over 4,500 BTC stolen. At the time of the theft, these bitcoins were valued at over $300 million.

Hackers Move Over $234.9M from WazirX in Suspected Crypto Heist

According to the security platform Cyvers, which flagged multiple suspicious transactions on the platform, hackers moved over $234.9 million worth of funds from WazirX to a new address. The security firm noted that transactions from crypto mixing service Tornado Cash initiated the hack, highlighting potential concerns about the source of the funds.

Cyvers reported that the address linked to the hackers had begun converting PEPE, GALA, and USDT into Ethereum. The security firm confirmed active swapping of other assets as well. Despite their attempts to contact WazirX, Cyvers has yet to receive a response.

Cyvers also told CCN that, in the case of WazirX, it assisted in tracking the stolen funds and provided comprehensive data to aid the recovery efforts.

It confirmed:

“At this moment, we do not have further updates on the recovery of the stolen assets. Our focus remains on providing detailed and actionable intelligence to support their recovery processes.”

In his Telegram post, popular on-chain detective ZachXBT also sounded the alarm on the incident, sharing information such as the theft address.

Telegram Zach
Source: Telegram

WazirX did not immediately respond to CCN’s request for comment.

Hackers Unload Millions in SHIB, MATIC, PEPE After WazirX Breach

The compromised wallet has been actively offloading the stolen assets, including 640.27 billion PEPE tokens, valued at approximately $7.6 million. Additionally, it transferred substantial amounts of other cryptocurrencies: 20.5 million MATIC tokens worth $11.2 million and a massive 5.4 trillion SHIB tokens valued at $102.1 million. The wallet also moved 15,298 ETH during the breach, equivalent to $52.5 million. These transfers have raised serious concerns among WazirX users about the security of their funds. Nevertheless, WazirX has reassured its users that their funds remain secure following the hack.

WazirX stolen assets
Source: x/cafebit.org

According to on-chain data, the hacker held approximately $211 million in cryptocurrencies at press time, with the majority of the assets in the wallet, including $4.7 million in Floki (FLOKI), $3.2 million in Fantom (FTM), $2.8 million in Chainlink (LINK), and $2.3 million in Fetch.ai (FET).

The remaining funds were distributed among a diverse array of other tokens.

WazirX Halts Withdrawals After Security Breach

In response to the security breach, WazirX has acknowledged the incident through its Telegram announcement channel. The exchange stated that its team is actively investigating the matter.

WazirX telegram
Source: Telegram

As a precautionary measure, WazirX has temporarily paused both Indian Rupee (INR) and crypto withdrawals to address the situation and prevent further unauthorized transactions.

Binance Clarifies Non-Ownership in WazirX’s Parent Company

In May this year, amidst regulatory changes, Binance confirmed it had been entangled in internal disputes with WazirX since 2022. WazirX was perceived as Binance’s local arm after allegations surfaced that Binance controlled the WRX token.

Following a prolonged public disagreement, former Binance CEO Changpeng Zhao clarified that Binance does not hold any shares in Zanmai Labs, the parent company of WazirX.


Prashant Jha

Prashant Jha is a crypto-journalist focused on the US and UK markets; his interests lie in blockchain technology and crypto adoption across emerging economies.