Fallout From WazirX Hack: What Happened After India's Biggest Crypto Heist WazirX is still counting the cost and has endured a painful company restructuring, ongoing legal issues and claims for reimbursement.
Opinions expressed by BIZ Experiences contributors are their own.
You're reading BIZ Experiences India, an international franchise of BIZ Experiences Media.
On July 18th, 2024, one of India's largest crypto exchanges, WazirX, suffered a massive cyberattack that resulted in the theft of $230 million in digital assets. This incident had a profound effect on global crypto markets, as India came to terms with one of the biggest crypto robberies ever. The hack coincided with an anti-crypto movement in the Indian government and regulatory uncertainty, which didn't help matters. WazirX is still counting the cost and has endured a painful company restructuring, ongoing legal issues and claims for reimbursement.
It's not all bad news for the Indian crypto community. These hacks bring to light the further maturation needed in crypto markets and their leading companies. Binance CMO Rachel Conlan recently commented on the hack and the industry's reaction to these types of setbacks, "One thing I love about this industry is the transparency—we can identify bad actors faster and take action. Yes, setbacks like hacks have hurt mainstream adoption, but they were necessary to move the industry forward. As the largest exchange, we take our responsibility very seriously, working not just locally, but globally, to help the entire ecosystem grow and mature."
How the Breach Unfolded
The attack targeted a vulnerability in WazirX's multi-signature wallets that should require multiple private keys to authorize a transaction. The hacker found a way to circumvent those safety checks and manipulate the transaction payload, giving them control over one of the company's main trading wallets and letting them send funds to their wallet.
The hackers acquired enough signatures with the multi-signature wallet to gain access and drain it. To achieve this, the hacker had to persuade multiple current signatories to alter a smart contract that could have acted as a safeguard to prevent theft.
Eight days before the attack, the hacker funded a wallet via Tornado Cash, which is known for covering financial trails on a privacy-first platform. By September, all but $6 million of the funds had been siphoned from the wallet and laundered. The money was effectively gone.
50% of Wazir's reserves disappeared in a flash, and the company has spent a sober year restructuring and coming to terms with that loss.
Immediate Fallout
WazirX was forced to freeze its operations while it took stock of the situation and found out how bad the losses were. This was a public test, as well as a relatively simple hack, and provided a platform for crypto skeptics to question the safety of decentralized finance. Public confidence in crypto took a serious knock in the wake of this security breach, and WazirX became an apocryphal tale for the advance of technology.
In response to the breach, WazirX halted all trading and withdrawal activities to prevent further losses and assess the situation. Accusations were slung in North Korea's direction. WazirX also argued with supplier Liminal about weaknesses in their interfaces, with both parties blaming the other for the breach.
That has left customers in limbo. At one point, WazirX said that 43% of customer funds had been lost. That has turned into a public spat between WazirX, Liminal, and a lot of disgruntled customers.
16 million WazirX users were affected, and their accounts were all frozen while the company sought to recover lost assets. The exchange also came up with a proposal to distribute losses among customers, which obviously didn't go well. Legal action inevitably followed, with rival CoinSwitch lodging a $6.2 million complaint.
The Future for WazirX
Survival is the first big issue for WazirX, which has lost its position at the top table of India's crypto table in terms of stature and image. It has entered a four-month moratorium, effectively protection from legal action, and has to make major changes in a hurry. There is a lot of work to do to compensate customers and ensure that this doesn't happen again.
The company's answer for the second part of the equation is a decentralized exchange (DEX), which gives users much more control over their digital assets. Decentralized networks are simply safer and more transparent, so they should help prevent major breaches like the one it has just experienced.
It will take a long time for WazirX to win back public confidence, even with the new decentralized exchange as an option. For now, it has to learn the painful lessons provided by a brutal security breach and the subsequent public fallout.
