WazirX Hack: Events and Response

On 18 July 2024, WazirX, India’s largest cryptocurrency exchange, suffered a major security breach leading to a loss of over $230 million. Below is a detailed timeline of the events and the measures taken by the exchange’s team following the hack:

WazirX Hack Timeline

• July 18, 2024: Detection, Preliminary Findings, and Initial Response

▪️ On July 18, Web3 security firm Cyvers detected multiple suspicious transactions involving WazirX’s Safe Multisig wallet on Ethereum. According to Cyvers, approximately $234.9 million of funds were moved to a new address, with transactions funded by Tornado Cash, a protocol known for private transactions. This made tracing the stolen funds challenging.

▪️ Shortly after the detection, WazirX confirmed the breach on X (formerly Twitter), stating that one of their multi-sig wallets experienced a security breach. They temporarily paused all INR and crypto withdrawals to ensure the safety of user assets and began an investigation into the incident.

Q. What is Multisig Wallet?

Ans: A multisig (short for “multi-signature”) wallet is a type of cryptocurrency wallet that requires multiple private keys to authorize a transaction. This adds a layer of security by ensuring that no single entity or individual has complete control over the wallet.

▪️ Later that day, the exchange provided more details about the breach. They revealed that the affected wallet, which used Liminal’s digital asset custody and wallet infrastructure, had six signatories: five from WazirX and one from Liminal. 

According to the exchange, a discrepancy between the data displayed on Liminal’s interface and the transaction’s actual contents allowed the attacker to exploit the wallet, transferring control to the attacker.

---

• July 19, 2024: Legal Actions and Community Involvement

▪️ The following day, WazirX announced their plan of action in response to the cyber attack. They filed a police complaint and reported the incident to the Financial Intelligence Unit (FIU) and CERT-In. 

▪️ The WazirX team also reached out to over 500 exchanges to block the identified addresses and began working with forensic experts and law enforcement agencies to trace the stolen funds and identify the perpetrators.

Read the full tweet here: https://x.com/WazirXIndia/status/1814250505851588932

---

• July 20, 2024: CEO’s Statement and Bounty Program

▪️ On July 20, WazirX founder and CEO Nischal Shetty addressed the community, outlining the next steps. These included preparing a bounty program to recover the stolen assets, continuous tracing of fund movements, and further collaboration with exchanges and security experts. He emphasized the need for community support to overcome this unprecedented challenge.

▪️ That same day, WazirX launched a bounty program offering rewards for information leading to the recovery of the stolen assets. The program included two bounties: one for tracking and freezing the funds with rewards up to $10,000 worth of USDT, and another offering a 5% incentive of the recovered amount as a white hat reward.

▪️ Following advice from blockchain forensics expert ZachXBT, WazirX increased the White Hat Recovery reward to 10%, up to $23 million. They also announced the temporary suspension of trading on their platform due to the impact on their ability to maintain 1:1 collaterals with assets. They continued with forensic data examinations and security audits to ensure user safety.

---

• July 22, 2024: Progress and Warning Against Scams

▪️ On July 22, WazirX informed users that they were actively working to enable withdrawals and appreciated their patience during this complex process. They also warned users about impersonators sending fake emails and creating fake profiles, advising vigilance against such scams.

---

• July 23, 2024: Reaching Partners and Bounty Program Entries

On July 23, Nischal Shetty, the founder of WazirX, notified users that they were working with various partners to find a solution that would benefit the customers they serve. He mentioned that the team has a lot of ideas, but they need to work them out more to see how realistic they are.

Apart from that, Nischal stated in the same tweet that the INR money of users was untouched by the hack and that the WazirX platform had not been breached. The cyber attack targeted their multi-sig wallet, which was hosted outside of the WazirX product infrastructure and accessed through Liminal, a third-party custody provider.

On the same day, the WazirX team said that they had received 133 entries for their Bounty Program (a $23 million incentive is offered for answers that lead to a resolution) and were now examining them.

---

• July 24, 2024: Tracking Stolen Funds & User Poll

The WazirX team asserted the other day that they are aggressively contacting projects associated with the stolen tokens to ask for their assistance in the recovery process. Simultaneously, they are working on enabling withdrawals and determining the best manner to resume deposits and trading on our platform.

To that end, Nischal indicated that several ideas have surfaced to assist with the recovery, which the team is now investigating. He stated that while recovery alternatives need more time, they recognize that users want the platform to be ready for withdrawal/deposit/trading as soon as possible.

Nischal also said that they will conduct a vote to let their users determine how to open up the platform. The WazirX team is working on creating a poll flow so that everyone may participate.

Furthermore, the WazirX team announced on the same day that the response to their Bounty Program has been significant, with 195 entries received thus far.

---

• July 25, 2024: No Evidence of Compromise

On July 25, the WazirX team stated that their early examination found no evidence of a breach on their signers’ devices. The team noted that they are continuing to look into all probable origins of the breach.

Furthermore, Nischal continues to discuss the user poll, stating that the team is working to complete and approve it today so that it may go online today or tomorrow. Nischal also stated that they are consulting with legal to determine the duration and date on which the platform may be opened if the poll results are good.

He also stated that, while the goal is to start with a percentage of everyone’s crypto portfolio value in locked tokens, they would continue to look for ways to unlock those tokens as well. 

Nischal mentioned that they have received a few proposals from the community to help with locked token unlocks – stolen asset recovery, burning tokens with exchange gains over time, creating new use cases for the token, and airdropping from new projects as they become available.

---

• July 26, 2024: The team was sleeping!

---

• July 27, 2024: WazirX Offers 2 Options to Users

On July 27, the WazirX team announced that they are introducing a socialized loss strategy to evenly divide the damage across all users. This 55/45 approach provides a speedier and more versatile solution. This technique provides quick access to a major amount of user assets while leaving the option of additional recovery for those who wish to wait.

The WazirX team also stated that they would provide two choices for managing the remaining assets, each with its own set of perks and constraints. The offerings are:

Option A allows users to trade and HODL their crypto assets while prioritizing recovery efforts, but they cannot withdraw their funds. If you wish to start withdrawing your assets later, you can use Option B, but you will lose priority in the recovery process.

Option B allows you to trade and withdraw your funds, but recovery efforts will mostly benefit individuals who picked Option A first. You can switch to Option A at any moment before making a transaction or withdrawal.

Following this tweet, the WazirX team stated that they have received several inquiries from the community on the asset management preference poll. You may read all the FAQs here – https://wazirx.com/blog/wazirx-withdrawal-management-programme-opinion-poll-user-questions-and-answers/.

---

• July 28, 2024: No Updates were Made from WazirX

---

• July 29, 2024: WazirX Faces Community Backlash

After making the poll public, the WazirX has received criticism from both the community and influencers. In response, the WazirX team stated that they welcome user active engagement in their latest vote dated July 27, 2024.

WazirX clarified that this poll is a first step towards understanding users’ thoughts and is not legally binding on either the users or the WazirX platform. The team posted a message: “We reassure you that this poll is not final; it was intended solely for gathering your feedback, better understand your views, and then take action that is best for the community.”

Meanwhile, in reaction to the outcry, Nischal released a video from his X account stating that this was not a final decision. The primary purpose of this poll is to determine the preferences of the users. Watch the complete video here – https://x.com/NischalShetty/status/1817908466033312183.

More Updates Coming Soon……

---

The Blame Game: WazirX vs. Liminal

In the wake of the WazirX hack, a blame game has ensued between WazirX and Liminal. Both entities have been pointing fingers at each other, adding to the complexity of the situation and leaving users uncertain about who is accountable for the massive loss of funds.

▪️ WazirX’s Perspective: WazirX has maintained that the breach was due to a discrepancy between the data displayed on Liminal’s interface and the actual transaction contents. According to WazirX, the attackers exploited this vulnerability to manipulate the transaction data and steal the funds. 

They highlighted that their multi-sig wallet required multiple approvals for transactions, including those from Liminal, but the attackers managed to bypass these security measures.

▪️ Liminal’s Defense: Liminal, on the other hand, has categorically denied any fault in their infrastructure. They asserted that their system was not compromised and attributed the breach to compromised devices within WazirX’s network. 

Liminal’s post-mortem report suggested that the attackers gained control over WazirX’s devices, which allowed them to manipulate transaction details and execute the heist. Liminal emphasized that their user interface and security protocols functioned correctly, but the integrity of WazirX’s devices had already been compromised.

Conclusion

The WazirX hack is a significant event not just in the Indian crypto space but in the whole cryptocurrency space, which highlights the importance of robust security measures and community support. The WazirX team’s transparent communication and proactive steps to recover the stolen funds demonstrate their commitment to user safety and the resilience of the cryptocurrency ecosystem.

As the investigation continues, the community and regulatory bodies must work together to enhance the security framework and ensure accountability in such incidents.

To learn more about WazirX Hack, stay tuned with SunCrypto Academy.

Disclaimer: Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. All content provided is for informational purposes only, and shall not be relied upon as financial/investment advice. Opinions shared, if any, are only shared for information and education purposes. Although the best efforts have been made to ensure all information is accurate and up to date, occasionally unintended errors or misprints may occur. We recommend you do your research or consult an expert before making any investment decision. You may write to us at [email protected].