On Wednesday, the Indian cryptocurrency exchange WazirX announced the cancellation of all open orders within its platform. The company emphasized that this is another step in its ongoing efforts to address the fallout from a massive $230 million hack that took place in July.
The move comes as WazirX attempts to resolve issues associated with its Indian Rupee (INR) and cryptocurrency balances on the platform.
WazirX issued a brief statement about this action on the social media platform X (formerly Twitter) to inform users.
The exchange assured its customers that any INR and crypto assets blocked in these open orders would be added back to their respective balances. The move aims to protect the integrity of the platform and facilitate an equitable outcome for users following the irregularities that emerged as a result of the July cyberattack.
Hackers Siphoned $230M in Crypto Assets from WazirX
On July 18, 2024, WazirX was targeted by hackers, and $230 million was siphoned from its multi-signature wallets. The affected wallet was managed using the digital asset custody and wallet infrastructure provided by Liminal.
The hackers made off with a significant amount of money denominated in cryptocurrencies including:
- $102 million worth of Shiba Inu tokens.
- $52 million in Ether (ETH).
- $11.2 million worth of Polygon’s native token Matic.
- An undisclosed amount of other tokens including Pepe, USDT, and Gala.
This substantial loss severely impacted WazirX’s ability to maintain 1:1 collateral with its assets and prompted the leadership team to take severe measures to protect the integrity of the exchange.
Following the attack, WazirX filed an online police complaint on the National Cyber Crime Reporting Portal and began processing a physical complaint.
They also reported the incident to the Financial Intelligence Unit (FIU) India and CERT-In. In an effort to track down the stolen funds, WazirX proactively reached out to over 500 exchanges to block the identified addresses associated with the hack.
To ensure the safety of user assets, WazirX temporarily paused INR and crypto deposits/withdrawals. They also suspended all trading activities to allow for a thorough examination of the affected systems and conducted a comprehensive security audit. In a bid to recover the stolen assets, the exchange launched a bounty program, offering rewards of up to $10,000 worth of USDT for actionable intelligence that could lead to the freezing of all incriminated wallets and the recovery of the stolen funds.
WazirX also offered a “White Hat Bounty” of up to 10% of the stolen amount, which equates to $23 million. Additionally, the exchange hired cybersecurity experts to assist in the investigation and recovery efforts.
It is Still Unclear How These Transactions Were Signed Off
The cyberattack specifically targeted WazirX’s Ethereum multi-signature wallet, which contained ETH and ERC20 tokens. The wallet utilized a structure with six signatories – five from the WazirX team and one from Liminal.
All of the transactions made from this wallet require approval from three WazirX signatories (using Ledger Hardware Wallets) followed by final approval from a signatory from Liminal. WazirX has stated that the attack was only possible due to four points of failure in the signing process.
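A minimal model of the approval policy described above (three of five WazirX signatories, then Liminal's final approval), written as an added example and not code from WazirX or Liminal. The signer names and the rule that every approval must cover the digest of the same payload are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

# Hypothetical signer names: the article gives only the counts (five + one).
WAZIRX_SIGNERS = {"wx-1", "wx-2", "wx-3", "wx-4", "wx-5"}
CUSTODIAN = "liminal"
WAZIRX_THRESHOLD = 3  # three exchange approvals, then the custodian's

@dataclass(frozen=True)
class Approval:
    signer: str
    payload_digest: str  # digest of the exact bytes this signer approved

def digest(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

def evaluate(payload: bytes, approvals: list[Approval]) -> list[str]:
    """Return policy violations; an empty list means the transaction may execute."""
    problems, seen = [], set()
    expected = digest(payload)
    for a in approvals:
        if a.signer not in WAZIRX_SIGNERS and a.signer != CUSTODIAN:
            problems.append(f"unknown signer: {a.signer}")
        if a.signer in seen:
            problems.append(f"duplicate approval: {a.signer}")
        seen.add(a.signer)
        # Assumed rule: an approval counts only if it covers this payload.
        if a.payload_digest != expected:
            problems.append(f"{a.signer} approved a different payload")
    valid = [a.signer for a in approvals if a.payload_digest == expected]
    exchange = {s for s in valid if s in WAZIRX_SIGNERS}
    if len(exchange) < WAZIRX_THRESHOLD:
        problems.append(f"only {len(exchange)} of {WAZIRX_THRESHOLD} exchange approvals")
    if CUSTODIAN not in valid:
        problems.append("custodian approval missing")
    elif approvals[-1].signer != CUSTODIAN:
        problems.append("custodian must approve last")
    return problems

# Constructed sample data, not taken from the incident.
TX = b"transfer 1 ETH to 0xCONSTRUCTED"
OTHER = b"upgrade wallet logic to 0xCONSTRUCTED"
GOOD = [Approval(s, digest(TX)) for s in ("wx-1", "wx-2", "wx-3", "liminal")]
MIXED = GOOD[:2] + [Approval("wx-3", digest(OTHER)), GOOD[3]]

if __name__ == "__main__":
    print(evaluate(TX, GOOD))   # no violations
    print(evaluate(TX, MIXED))  # one signer saw a different payload
```

Under this model a transaction needs four matching approvals in total, which is why the article speaks of four points of failure in the signing process.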
The exchange is certain that the hardware keys of the three WazirX wallets were not compromised. However, they are working with an external forensic team to conduct a thorough audit to confirm whether any of the three WazirX devices were compromised.
WazirX has pointed to Liminal’s infrastructure as the origin of the breach. Liminal is conducting a detailed analysis to identify the root cause, including how the breach occurred and how the hackers managed to get a signature from its end.
Liminal has not yet released its final report on the attack. Once it does, it will provide deeper insights into how the fourth signature ended up approving the malicious payload.
All account balances on the WazirX platforms were restored completely on August 16. The exchange also reversed all trades made after they stopped withdrawals on July 18, 2024.
This action aims to return users to their financial positions prior to the hack. The exchange has stated that they are working on solutions for both cryptocurrencies and INR balances.
However, they said that to fully restore INR and crypto balances they have to first look into some legal matters. The exchange has not provided a specific timeline for when users can expect full access to their funds.
Despite WazirX’s efforts, users continue to be frustrated and worried due to the lack of a clear compensation plan. The exchange has struggled to provide concrete details on when (or if) users will be fully compensated for their losses.
The incident has also raised significant questions about WazirX’s network security and operational controls. Critics have pointed out potential vulnerabilities in the exchange’s multi-signature wallet system and its reliance on third-party custody providers.
WazirX Native Token WRX Keeps its Cool Despite the Crisis
The price of WazirX’s native token, WRX, has managed to withstand the turmoil caused by the hack. On July 18, it dropped from $0.17 to $0.14, an 18% loss in just a day. However, since then, it has been progressively recovering and currently trades at $0.15.
Analysts speculate that this unexpected performance could be the result of bot trading activity, insiders purchasing the token at a discount, or the market’s positive perspective on the resilience of the WazirX exchange. Technical analysis of WRX suggests a bullish pattern, with higher highs forming after higher lows, indicating potential for further gains.
As WazirX continues its recovery efforts, it will face some challenges to restore its reputation and credibility. First, the crypto exchange needs to complete the forensic analysis and security audit that will provide a full understanding of the cause and extent of the breach to prevent future incidents.
They must also finalize and implement a comprehensive plan to compensate all of the affected users. Rebuilding trust within the cryptocurrency community will be paramount if it aims to survive the crisis.
Moreover, users will pay attention to the exchange’s efforts to enhance its security measures and re-evaluate its partnerships with third-party service providers. Additionally, WazirX may face regulatory scrutiny in the aftermath of the hack.
The cancellation of open orders and the return of associated assets to user balances represent a step toward normalizing operations. However, WazirX still faces a long road to fully recover from this massive incident.