India’s Biggest Crypto Exchange WazirX Hacked, Funds Worth $230 Million Stolen

• Blockchain Council
• August 26, 2024

Indian crypto exchange WazirX confirmed on Thursday that it had faced a significant security breach. The incident resulted in approximately $235 million in assets being suspiciously transferred from the platform. This event marks one of the most substantial thefts in the Indian cryptocurrency market to date.

WazirX, based in Mumbai, announced that one of its multisig wallets had been compromised. A multisig wallet requires multiple private keys for transaction authentication, making the breach particularly concerning. WazirX shared the news on Twitter, stating that the issue involved one of its Liminal multisig wallets. Consequently, the platform temporarily halted all withdrawals to secure the remaining assets and prevent further losses.

Liminal, a wallet infrastructure firm, stated that its initial investigation revealed that the compromised wallet was created outside its ecosystem. Liminal assured its clients that their platform, infrastructure, and assets remain secure and were not part of the breach. This clarification aims to reassure users and stakeholders about the integrity of their services.

The USDT-INR pair on WazirX has slipped by 8%, and cryptocurrencies are trading at a discount on the platform. This situation indicates a rush for fiat/cash in the wake of the hack. Web3 security firm Cyvers detected multiple suspicious transactions involving WazirX’s Safe Multisig wallet on Ethereum. It appears that $234.9 million in funds were moved to a new address, with each transaction’s caller funded by Tornado Cash, a decentralized protocol for private transactions.

Lookchain, a Blockchain explorer, reported that over 200 types of cryptocurrencies were affected. These included 5.43 billion SHIB tokens, over 15,200 Ethereum tokens, 20.5 million Matic tokens, 640 billion Pepe tokens, 5.79 million USDT, and 135 million Gala tokens. The attackers’ activities have significantly impacted the value and availability of these digital assets.

BREAKING: WazirX exploiter publishes update on token selling, claims they are selling "in a way that is fair and gentle on the market"

— HCH (@HeartCanHodl) July 18, 2024

Blockchain data indicates that the attackers are attempting to offload the stolen assets using the decentralized exchange Uniswap. Risk management firm Elliptic has reported affiliations between the hackers and North Korea, adding another layer of complexity to the situation.

The $235 million loss is a significant blow to WazirX, which had reported holdings of about $500 million in its June proof-of-reserves disclosure. This breach has effectively drained nearly half of its reported assets, raising serious concerns about the platform’s future operations and its users’ trust.

WazirX hacked for over $230m USD (2,000 cr INR)

Their safe multisig was compromised and drained.

The hackers started practicing the hack onchain at least 8 days ago and finally executed it today.

It's a very methodical and organized attack, pointing towards DPRK as the hacker. pic.twitter.com/HziVY7dCoq

— Mudit Gupta (@Mudit__Gupta) July 18, 2024

In response to the incident, CoinSwitch and CoinDCX, two other major Indian crypto exchanges, have assured their users that their funds are secure and unaffected. Sumit Gupta, co-founder and CEO of CoinDCX, emphasized the robustness of their wallet security in a tweet. Similarly, Ashish Singhal, co-founder and CEO of PeepalCo, the group holding firm of CoinSwitch, advised investors to be cautious and mindful of market volatility during this period.

This security breach is the latest setback for WazirX, which has faced several challenges in recent years. In early 2023, WazirX separated from Binance following a public fallout in 2022. Binance had initially announced the acquisition of WazirX two years prior, but disputes over ownership led to a severance of ties. Binance founder Changpeng Zhao clarified that the deal was never concluded, leading to the termination of Binance’s business relations with WazirX.

WazirX, popular among Indian traders, primarily serves the Indian market and is one of the few exchanges in the country registered with the Financial Intelligence Unit (FIU). This registration allows it to offer crypto exchange services to Indian citizens. Despite the breach, WazirX has facilitated at least $2.2 million in trading volume over the past 24 hours, mostly involving tether (USDT) stablecoins and XRP.

Following the hack, WazirX’s WRX token saw a significant drop, trading 15% lower at just over 14 cents. The rupee-denominated price dropped more than 25% since the confirmation of the breach. SHIB has lost over 6% in market value in U.S. dollar terms and 16% in rupee terms as the hacker continues to liquidate the coins. Other tokens have also suffered losses, especially in INR pairs, reflecting panic selling by investors.

📢 Update: We're aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused. Thank you for your patience and understanding.…

— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 18, 2024

In response, WazirX has paused the withdrawal of cryptocurrencies and Indian rupees on the platform. The exchange team is actively investigating the incident and will provide updates as the situation develops.