Recently, India-based centralized exchange WazirX faced a significant exploit that resulted in the loss of nearly half of its assets, equating to over $230 million. This exploit was revealed in a social media post by the exchange’s co-founder, Nischal Shetty, on July 23. The exploit took place in one of the exchange’s multisig wallets, resulting in the theft of more than 200 different cryptocurrencies, including popular tokens like SHIB, Ethereum, Matic, and USDT. This exploit has had a severe impact on WazirX, with the stolen funds constituting approximately 50% of its total $500 million holdings as per its June proof-of-reserves report.
In response to the exploit, WazirX is actively seeking partnerships to restore full operations and help its customers. Shetty mentioned that they are exploring various solutions to enable platform deposits, withdrawals, and trading once again. Despite the significant setback, WazirX aims to make its customers whole and is working with law enforcement to identify the culprits behind the exploit and recover the stolen funds. The exchange has temporarily paused trading due to the impact on its ability to maintain 1:1 collaterals with assets.
The exploit did not affect WazirX’s fiat INR funds, but it has prompted the exchange to launch a $23 million bounty program to incentivize the hackers to return the stolen funds. However, market observers remain skeptical about the likelihood of the funds being returned, citing the attackers’ alleged affiliation with North Korea’s Lazarus Group. Despite this setback, WazirX remains committed to restoring operations and ensuring the security of its platform.
Amidst the aftermath of the exploit, there have been disputes surrounding the security incident. WazirX maintained that the hacked multisig wallet was hosted by a third-party custody provider, Liminal, while Liminal argued that its infrastructure was not compromised. The exchange dismissed allegations of compromised wallet hardware, emphasizing that the exploit did not stem from a phishing link. Shetty clarified that the exploit involved three signatures from WazirX on different devices using distinct hardware wallets, all of which were at separate locations and had bookmarked links.
The recent exploit faced by WazirX has highlighted the vulnerabilities inherent in the cryptocurrency exchange landscape. The exchange’s efforts to restore operations, partner with relevant stakeholders, and address the security breach demonstrate its commitment to its customers. As WazirX navigates the aftermath of this incident, the exchange’s response will be crucial in rebuilding trust within the cryptocurrency community and safeguarding against future exploits.
