The Indian cryptocurrency exchange WazirX has been hit by a colossal cyber theft, with losses amounting to a staggering Rs 2,000 crore (approximately $234 million). The incident, which transpired in July 2024, has left millions of users in a state of limbo as they anxiously await the refund of their digital assets. The severity of the situation has drawn the attention of top government agencies in India. The Financial Intelligence Unit (FIU) and the Indian Computer Emergency Response Team (CERT-In) have launched a probe into the matter.
The officials from these agencies have reportedly met with the top brass of WazirX, seeking information about the hacking of crypto tokens. The government's concern stems from the potential impact of this incident on the investors of WazirX. The cryptocurrency exchange has cooperated with the probe agencies, providing them with the requested information. The agencies are currently sifting through the details to get a clearer picture of the incident.
Legal experts in the country had previously called for a thorough investigation by state authorities, given the magnitude of the WazirX cyber-crime. The aftermath of the cyber theft has been devastating for the users of WazirX. The company has admitted that nearly 43% of its users are likely to lose their money stolen in digital assets.
In a surprising development, the hackers behind the WazirX theft have begun withdrawing the stolen digital assets. They are using the Tornado Cash platform, an open-source, fully decentralised cryptocurrency mixer platform that operates on Ethereum Virtual Machine-compatible networks, to carry out these transactions.
In an attempt to address the concerns of the affected users, WazirX had conducted a live town hall session on YouTube. During this session, the co-founder of WazirX, Nischal Shetty, and George Gwee, the director of the legal firm Kroll, which is handling the restructuring of WazirX post the hack, answered queries from the users. Gwee, during the session, had stated that any profits made from the appreciation of crypto prices during the restructuring process would be shared 100% with the users.
However, the video of this session was later made private by the WazirX management, leading to further frustration among the users. Shetty, during the town hall session, had revealed that 87% of the total 4.4 million users of the exchange hold only 8% of the funds in the exchange. This revelation has added another layer of complexity to the situation.
The aftermath of the hack has been catastrophic for WazirX. The attacker drained a significant amount of various cryptocurrencies, including Shiba Inu (SHIB), Ether, MATIC, and PEPE. These funds represented more than 45% of the exchange's total reserves of $500 million. The exploiter now holds more than 59,097 ETH, worth about $200 million, in various tokens. They have been selling the stolen tokens using the popular DEX Uniswap.
The exchange's native token, WZX, has dropped by 36.24% ever since the exchange was attacked. The exchange blamed a "mismatch" between the information displayed on Liminal Custody's digital interface and the actual contents of the transaction signed for the incident. They described it as a sophisticated, well-planned, and targeted attack on one specific Gnosis Smart Contract Multi-Sig wallet.
This incident is reminiscent of the infamous Mt. Gox hack in 2014, where 740,000 bitcoins (6% of all bitcoin in existence at the time) were stolen from the Japan-based bitcoin exchange. The Mt. Gox incident, much like the WazirX hack, had a significant impact on the users and the overall cryptocurrency market.
As the investigation into the WazirX hack continues, millions of users await the outcome, hoping for a resolution that would enable them to recover their lost assets. This incident serves as a stark reminder of the risks associated with digital assets and underscores the need for robust security measures and regulatory oversight in the rapidly evolving world of cryptocurrencies.