The WazirX case, a massive cyber hack that occurred in early July 2024, has seen significant developments over the past five months. Let's explore updates on the timeline of the WazirX cyberattack, key events, and ongoing issues.
On July 18, 2024, WazirX, one of the leading cryptocurrency exchanges, was hacked in a major cyberattack on one of its multi-sig wallets. The breach led to the theft of around $230 million in digital assets, or approximately ₹2,000 crore, impacting around 45% of the total digital assets on the platform. This has further dented investor confidence, as WazirX is one of India's most widely used exchanges.
WazirX suffered a sophisticated cyberattack on its multi-sig wallet, resulting in the loss of $234.9 million worth of crypto assets. The exchange immediately froze all INR and crypto withdrawals to prevent further losses and initiated an internal investigation.
WazirX alerted its users to the attack and attributed the blame to Liminal Custody, its wallet service provider, for not securing its systems. Liminal, however, released a post-mortem report that claimed their system was not compromised and that three WazirX devices were likely the point of attack.
Following the hack, 34% of INR deposits were frozen while trading was allowed for three days, a practice that later sparked criticism for holding users' funds without explanation.
The investigators concluded that the North Korean hacking group Lazarus Group was responsible for the hack. The group is infamous for massive cryptocurrency thefts across the globe. The involvement of this group sparked an alarm over vulnerabilities in WazirX's security system.
WazirX hired the cybersecurity firm Mandiant to conduct a forensic investigation. The report concluded that WazirX's internal systems were not compromised and pointed the blame to external factors, specifically the multi-sig wallet's vulnerability.
CoinSwitch, a competitor exchange, filed a lawsuit to recover $9.65 million worth of funds trapped in WazirX accounts due to the hack.
WazirX's inconsistent reporting of the quantum of funds stolen, and in particular its opaqueness regarding financial reserves, raised concerns within the crypto community.
Liminal Custody, WazirX's wallet provider, had an independent audit performed by Grant Thornton, which found nothing to indicate internal compromise, so the breach had occurred through another vector.
WazirX introduced a controversial “Socialized Loss Strategy,” which forced users to either forfeit the possibility of withdrawals or risk having their assets rebalanced with a lower recovery priority. This strategy was heavily criticized for its restrictive nature.
Authorities arrested Masud Alam, a suspect linked to the hack, in November 2024. Alam allegedly facilitated the breach by creating a fraudulent account used by the hacker.
Despite this arrest, the main hacker, M Hasan, is still at large, and law enforcement officials are struggling to apprehend him because of political instability in Bangladesh, where he was last seen.
On 19 December 2024, the Delhi High Court directed a fresh investigation into the hacking incident. The court dismissed the initial findings that there was no substantial criminal case and directed further investigation into the facts of the theft.
As of December 2024, the stolen money has been partially laundered, leaving $6 million in Ether unlaundered. Authorities are investigating the laundering activities, which involved platforms like Tornado Cash.
Key investigating agencies, including FIU and CERT-In, are already tracking these siphoned funds, and will go further by obtaining coordinated information from WazirX management. The scope of the investigation is now set to expand through global cooperation, since WazirX's parent company has come under heavy scrutiny from India and other global law-making bodies.
As of Dec 20, 2024, WazirX's parent company, Zettai, has applied to the Singapore court to hold a shareholders' meeting. The meeting will be held to vote on a proposed scheme of settlement, as the company plans to resume crypto withdrawals by mid-April 2025. The hearing for this application is scheduled for January 22, 2025.
Under the proposed scheme, WazirX aims to compensate affected users by redistributing net liquid assets worth $565.7 million, sharing profits from a planned decentralized exchange, and recovering illiquid assets. Users have filed claims totaling $546 million against the exchange.
If approved by the court and shareholders, the distribution of liquid assets will begin within 10 days of implementation. Additionally, WazirX has committed to sharing profits from its new business and recovered assets over the next three years as part of the closure plan.
WazirX is also under increasing legal pressure. Following the hack, it filed for a moratorium in the Singapore High Court to avoid immediate legal actions, reorganizing while it awaits the court's decision.
Some lawsuits are still in court, and others have been filed; one of those against it is from CoinSwitch, and another is a class action seeking $600,000 in damages from WazirX. Meanwhile, Binance, which had a stake in WazirX, announced that it would delist WazirX's native token WRX due to operational concerns, further damaging the exchange's reputation.
After the hacking incident, WazirX suspended trading and withdrawals. The company put these on hold to prevent further financial loss, as part of its recovery process. WazirX also indicated that it is restoring user account balances to the pre-hack state, which includes restoring affected users' cryptocurrency balances close to their initial state.
The parent company of WazirX, Zettai Pte Ltd, filed a moratorium application with the Singapore High Court on August 27, 2024, under Section 64 of the Insolvency, Restructuring, and Dissolution Act 2018.
The step is part of a plan to restructure the company's liabilities by invoking a scheme of arrangement. This scheme is primarily aimed at the cryptocurrency balances of users affected by the cyberattack. This legal measure is crucial to streamlining the recovery process and reorganizing company operations in the wake of the crisis.
The investigation is ongoing, with WazirX cooperating with Indian and Singaporean authorities. In cooperation with local agencies like CERT-In (Computer Emergency Response Team) and FIU (Financial Intelligence Unit), they are tracking down the hackers who stole the remaining assets.
Since WazirX is operated by Zettai Pte Ltd, a Singapore-based entity, it is regulated under the laws of Singapore. In addition, Liminal Custody, the wallet service provider for WazirX, is also based in Singapore, which adds an international jurisdiction layer to the investigation and legal proceedings. The complexity is further compounded by the fact that the exchange has a large user base in India, which is creating challenges in terms of legal and regulatory clarity.
In response to the breach, WazirX's parent entity, Zettai Pte Ltd, applied for a Scheme of Arrangement in the Singapore High Court. This highlights how the breach is being dealt with across multiple legal jurisdictions, including Singapore and India, both of which have a significant stake in the ongoing recovery efforts.
The latest update has certainly shaken investors who stayed optimistic about a WazirX crypto revival. However, it remains to be seen how well the company can execute its settlement plan. Shareholders will have to keep a close eye on further developments.