On July 18, 2024, the Indian crypto exchange WazirX faced one of the most significant security breaches in the history of the digital asset market. The attack resulted in the theft of around $235 million in digital assets, accounting for approximately 46% of the exchange’s reserves. This blog explores the timeline of events, the immediate and ongoing responses by WazirX, and the measures taken to enhance security and recover the stolen assets.
The Cyberattack and Immediate Response
July 18, 2024: The Cyberattack Occurs
The hackers gained access to 3 out of 5 signatures needed to authorise transactions from WazirX’s Ethereum multi-signature wallet. This gave them access to WazirX’s ERC-20 tokens, which they quickly transferred to their wallet, leading to a massive loss of digital assets. The exchange promptly informed users about the breach and its potential impact.
- Legal and Regulatory Actions: An online police complaint was filed with the National Cyber Crime Reporting Portal, and a physical complaint was processed. Notifications were sent to the Financial Intelligence Unit (FIU) India and the Computer Emergency Response Team (CERT-In).
- Investigative Measures: An investigation was launched to track the stolen assets. Exchanges were contacted and asked to block the identified wallet addresses; in all, more than 500 exchanges were reached.
- Community Engagement: Preliminary findings were shared with the community, and deposits and withdrawals were temporarily paused to prevent further losses.
The Hunt for the Hacker
ZachXBT Claims Initial Bounty
Arkham Intelligence offered an initial bounty of 5,000 ARKM (~$8,000) for information related to the hack. Crypto sleuth ZachXBT claimed this bounty by providing evidence linking the hacker to a KYC-verified deposit address used to receive funds from the WazirX exploiter.
July 18 & 19, 2024: Holdings and Transfers
- ETH Holdings: The exploiter’s total $ETH holding rose to 59,097 $ETH ($201 million).
- Asset Dumping: 15,298 $ETH ($52 million) was stolen directly, and 43,799 $ETH ($149 million) was acquired by dumping various assets, including:
  - 5.43 trillion $SHIB ($90.2 million)
  - 20.5 million $MATIC ($10.2 million)
  - 640.27 billion $PEPE ($7.48 million)
  - $5.7 million USDT
  - Around $12 million in altcoins such as $CHR, $CELR, $OOKI, and $FRONT.
Continued Efforts and Bounty Program
July 20, 2024: Continued Coordination
WazirX continued to collaborate with exchanges and law enforcement agencies. Users were advised to refrain from trading on the platform during this critical period.
July 21, 2024: Bounty Program Launched
To incentivise the recovery of stolen assets, WazirX announced a bounty program offering up to $23 million for actionable intelligence. Rewards of up to $10,000 worth of USDT were offered for information leading to the freezing and recovery of the stolen funds. Trading activities were temporarily paused to conduct a thorough security audit and forensic analysis.
Ongoing Efforts and Security Measures
Audit and Security Measures
- Cybersecurity Experts: WazirX engaged with top cybersecurity experts to assist in investigation and recovery efforts.
- Forensic Analysis: Comprehensive forensic analysis and security audits are being conducted to understand the full impact and develop recovery strategies.
Community and Exchange Collaboration
The global crypto community, including white hat hackers and blockchain forensics experts, supported WazirX in its recovery efforts. Despite the attackers using mixing services like Tornado Cash, significant portions of the stolen funds remain in the hacker’s wallet, offering hope for recovery.
Recent Developments and Next Steps
Enabling Withdrawals
WazirX is actively working to enable fund withdrawals for affected users while ensuring that adequate security measures are in place to prevent future breaches.
Regular Updates
WazirX is committed to providing regular updates to the community, keeping them informed about the progress of recovery efforts and any new developments.
Important Information for Investors
- Affected Ethereum Wallet Address: 0x27fD43BABfbe83a81d14665b1a6fB8030A60C9b4
- Force Majeure Statement: WazirX emphasises that this incident is beyond its control but reassures its commitment to recovering the stolen funds and collaborating with the best resources and experts.
For Investors: Withdrawal Guidelines
- Token Holdings Check: Verify if your token holdings were among those hacked, such as ETH, USDT, SHIB, etc. If not, your holdings might be safe.
- INR Withdrawal: Withdrawals could be allowed in the near future but with some caps in place to ensure fair distribution and keep the business running. These limits could be a fixed amount per user or a percentage of your total INR holdings.
- Crypto Withdrawal: Things are a bit more uncertain here. If withdrawals are reopened, WazirX will likely impose daily or monthly withdrawal limits, at least for a while, to prevent a massive outflow of funds.
- Raising Funds from Investors: Another possibility is that WazirX might follow in the footsteps of the DMM Bitcoin exchange in Japan. They could raise funds from investors to compensate users for their losses and keep the exchange afloat. They might set a cut-off date to determine the market value of your holdings and return funds in fiat currency, like INR.
The WazirX hack incident underscores the importance of robust security measures in the digital asset space. WazirX remains committed to recovering the stolen funds and ensuring the safety and trust of its users. As the investigation and recovery efforts continue, the exchange will keep its community informed and take all necessary steps to enhance its security infrastructure.