WazirX, India’s largest cryptocurrency exchange, has temporarily suspended trading activities following a massive security breach that resulted in the theft of $230 million worth of digital assets. The incident marks one of the most significant heists in the history of cryptocurrency exchanges, sending shockwaves through the digital finance community.
The breach occurred when WazirX’s multi-signature (multisig) wallet, a wallet type that typically requires multiple private keys for transaction authorization, was compromised. Multisig wallets are generally considered highly secure due to the requirement for multiple signatories to approve withdrawals. However, this breach exploited a discrepancy between the data displayed on the wallet interface and the actual transaction contents, allowing hackers to gain unauthorized access and siphon off substantial funds.
WazirX acknowledged the security breach and its severe impact on their operations. The exchange revealed that the theft has critically affected their ability to maintain a 1:1 collateral ratio with their assets, a crucial factor in ensuring customer trust and operational stability. Consequently, WazirX decided to halt all trading and withdrawal activities on its platform to prevent further losses and to secure the remaining assets.
The financial ramifications of this cyber attack are profound. According to WazirX’s proof of reserve report dated June 10, 2024, the exchange’s total holdings were approximately ₹4,203.88 crore (around $503.64 million). With $230 million stolen,
WazirX has lost nearly half of its reserves, significantly undermining its financial stability. The exchange is now conducting a thorough forensic investigation and security audit to understand the full extent of the breach and to implement measures to prevent future incidents.
In response to the breach, WazirX has initiated a bounty program aimed at recovering the stolen funds. The program offers rewards of up to $10,000 for information that leads to the freezing of the stolen assets.
Additionally, a 10% incentive, potentially amounting to $23 million, will be provided for successfully recovering the funds. The bounty program will run for three months, and rewards will be payable in either USDT or the recovered funds, at WazirX’s discretion.
“On July 18, 2024, WazirX experienced a cyber attack on one of our multisig wallets, resulting in the theft of digital assets exceeding $230 million. This wallet was managed using Liminal’s digital asset custody and wallet infrastructure. As a result of the attack, our ability to maintain 1:1 collaterals with assets has been deeply impacted,” the company stated.
To further aid in the recovery efforts, WazirX is collaborating with over 500 other cryptocurrency exchanges to block the addresses associated with the stolen funds. The exchange has also enlisted the help of expert groups specializing in cryptocurrency transaction tracking to trace and recover the stolen assets.
This incident highlights the persistent security challenges faced by cryptocurrency exchanges, despite advances in digital asset security technologies. It also underscores the importance of continuous security audits and the need for robust incident response mechanisms.
For the broader cryptocurrency community, the WazirX breach serves as a stark reminder of the risks inherent in digital asset trading and the critical importance of security vigilance. As WazirX works to recover from this setback, the industry will undoubtedly be watching closely, learning from this incident to bolster their own defenses against similar threats.