India-based WazirX is currently in the process of seeking partnerships to fully restore its operations following a major exploit that led to the loss of nearly half of its assets. Co-founder Nischal Shetty took to social media on July 23 to announce this development and reassure users that the exchange is working on a solution to resume its services. Shetty mentioned that they are exploring various options to enable platform deposits, withdrawals, and trading again, indicating a willingness to collaborate with potential partners for a resolution.
Security breach impacting user assets
WazirX recently confirmed that a security breach in one of its multisig wallets resulted in the loss of over $230 million in user assets. The stolen funds included more than 200 different cryptocurrencies, such as SHIB tokens, Ethereum tokens, Matic tokens, Pepe tokens, USDT, and Gala tokens. This hack represented approximately 50% of WazirX’s total $500 million holdings as reported in June. The exchange had to temporarily halt trading due to the hack’s impact on its collateral reserves. Despite this setback, Shetty assured users that they are actively working on solutions to fully reimburse affected customers and recover the lost funds with the help of law enforcement.
Efforts to make customers whole
Shetty mentioned that they have several ideas in mind to address the situation, but further discussions are needed to assess their feasibility. The team is dedicated to finding a resolution to the issue and has been collaborating with law enforcement agencies to identify the perpetrators and retrieve the stolen funds. It is worth noting that the hack did not affect the firm’s fiat INR funds, although it remains unclear whether INR withdrawals will be reinstated in the near future.
To encourage the return of the stolen funds, WazirX initiated a $23 million bounty program for the hackers. The firm has already received 133 entries and is currently evaluating them. However, market experts believe that the likelihood of the funds being returned is low, especially since the attackers are associated with North Korea’s infamous Lazarus Group. Despite this challenging situation, WazirX remains adamant that the hack was not a result of any flaws in its product infrastructure. The exchange clarified that the compromised multisig wallet was managed by a third-party custody provider, Liminal, which denied any breaches in its infrastructure and attributed the exploit to compromised WazirX-owned devices.
In response to speculations about compromised hardware wallets, Shetty emphasized that the hack did not occur due to a phishing link. He explained that three unique signatures from WazirX using different hardware wallets were employed for the theft. Each of these devices was located in distinct places, and the necessary links were bookmarked for easy access. WazirX stands firm in its stance that compromised hardware was not a contributing factor to the security breach.
Leave a Reply