India-based centralized exchange WazirX is currently in the process of seeking partnerships to restore its full operations after experiencing a significant exploit that led to the loss of nearly half of its assets. Co-founder Nischal Shetty shared this development in a social media post on July 23, reassuring users that the team is actively working on finding a solution to restart its services. Shetty mentioned reaching out to potential partners to address the issue and help customers regain access to platform deposits, withdrawals, and trading functionalities.
WazirX revealed that a security breach occurred in one of its multisig wallets, resulting in the loss of over $230 million in user assets. The stolen funds included a wide range of cryptocurrencies, such as SHIB tokens, Ethereum tokens, Matic tokens, Pepe tokens, USDT, and Gala tokens. These assets represented approximately 50% of WazirX’s total holdings, as reported in its June proof-of-reserves statement. The exchange had to temporarily halt trading due to the impact of the hack on its ability to maintain 1:1 collaterals with assets.
In response to the security breach, Shetty mentioned ongoing efforts to make affected customers whole again. He expressed that the team is exploring various solutions and ideas to address the situation and ensure the security of user funds. Additionally, WazirX is actively collaborating with law enforcement agencies to identify the perpetrators behind the hack and recover the stolen funds. Despite the challenges faced, the exchange remains committed to resolving the issue and restoring trust among its user base.
To incentivize the hackers to return the stolen funds, WazirX has launched a $23 million bounty program. The exchange has already received numerous entries and is currently reviewing them. However, market observers have expressed skepticism about the likelihood of the funds being returned, citing the alleged association of the attackers with North Korea’s Lazarus Group. Despite the challenges ahead, WazirX continues to maintain that the hack was not a result of vulnerabilities in its product infrastructure.
Following the security breach, WazirX clarified that the hack did not impact the firm’s fiat INR funds. However, it did not provide details on whether INR withdrawals would be enabled in the near future. The exchange refuted claims that compromised wallet hardware played a role in the exploit, stating that the hacked multisig wallet was hosted by third-party custody provider Liminal. In response, Liminal argued that its infrastructure remained secure and attributed the security breach to compromised devices owned by WazirX. Shetty defended the exchange’s stance, emphasizing that the hack did not result from a phishing link but rather from the utilization of three signatures from three different devices with distinct hardware wallets.
The aftermath of WazirX’s security breach underscores the importance of robust cybersecurity measures in the cryptocurrency industry. The incident serves as a reminder of the ongoing threats faced by digital asset exchanges and the need for proactive security protocols to safeguard user funds. As WazirX continues to navigate the aftermath of the hack and work towards restoring its operations, the exchange must prioritize transparency, accountability, and collaboration with stakeholders to rebuild trust and credibility in the market.