WazirX reports $230M hack to police and cyber unit, implements recovery efforts

Key Takeaways

• WazirX has collaborated with relevant authorities to trace the attackers following a $230 million hack.
• The exchange is working on recovering stolen funds with help from other exchanges.

WazirX has filed a police complaint and is pursuing additional legal actions in response to a recent cyberattack that resulted in over $230 million loss, said the exchange in a Friday statement. Its immediate plans include “tracing the stolen funds, recovering customer assets, and conducting a deeper analysis of the cyberattack.”

WazirX has reported the incident to the Financial Intelligence Unit (FIU-India) and the Indian Computer Emergency Response Team (CERT-IN). The firm has also cooperated with over 500 exchanges to block the involved addresses.

“Many exchanges are cooperating with us, and we are actively working with them on additional resources to aid our recovery efforts,” the WazirX team stated.

WazirX is actively working with forensic experts and law enforcement agencies to identify the attackers and is focusing on fund recovery and forensic analysis post-hack, the firm noted.

On Thursday, WazirX said it was hit by a cyberattack, resulting in the theft of over $230 million from one of its multisig wallets. The hack prompted the exchange to halt all INR and crypto withdrawals as a precautionary measure.

The firm stated that the attackers exploited a discrepancy between the data displayed on the wallet interface and the actual transaction details, which allowed them to siphon off the funds.

Following the attack, Shiba Inu’s SHIB token plummeted by 8% . At the time, the attackers’ wallet held around $100 million worth of SHIB; they swapped several altcoins for Ethereum (ETH).

The wallet currently holds 43,800 ETH, valued at around $153 million, Arkham Intelligence’s data shows.

According to blockchain analysis firm Elliptic, the cyberattack on WazirX was potentially linked to North Korean hackers.

A wake-up call for crypto regulation in India

The WazirX hack has exposed India’s crypto regulatory gap, according to Joanna Cheng, Fireblocks’ Associate General Counsel. Cheng called for clear guidelines on security standards, risk management, and consumer protection.

“There is no crypto-specific regulation in India so far, and the industry would benefit from clear regulatory expectations on issues like security standards, risk management, and consumer protection. Regulatory intervention in this space would also mean that exchanges that service large numbers of retail customers are held accountable for their actions (or inaction),” Cheng told Crypto Briefing.

Commenting on WazirX’s statement that the incident was “a force majeure event” that was beyond its control, Cheng pointed out that for the force majeure clause to be effective, the event, here the cyberattack, must be truly unexpected and unavoidable. If it can be shown that WazirX could have reasonably prevented or mitigated the attack, the clause might not apply.

“In the case of WazirX, the usage of the force majeure clause likely allows the exchange to halt withdrawals. However, if it is found that the event is in fact foreseeable and could have been avoided or mitigated through reasonable measures, the clause cannot be invoked,” Cheng noted.

“We believe that this incident highlights the importance of regulatory clarity and oversight, in order to establish a base level of accountability and investor protection,” she added.