Crypto Exchange WazirX Reports $230 Million Hack to Authorities and Seeks Assistance from Indian CERT-In

In a significant security breach, crypto exchange WazirX has reported a $230 million hack, filing a police complaint and engaging with the Indian Computer Emergency Response Team (CERT-In). This development, disclosed on X (formerly Twitter), aims to leverage India’s premier agency for computer-related security incidents to trace and recover the stolen funds.

The hack, which occurred on Thursday, resulted in substantial withdrawals from one of WazirX’s wallets. The company is actively working with multiple exchanges and collaborating with forensic experts and law enforcement agencies to identify and apprehend the perpetrators. The next procedural step involves preparing a First Information Report (FIR) to initiate an official investigation by the police.

CERT-In has not yet responded to requests for comments, nor has India’s Finance Ministry. Given that cryptocurrency remains largely unregulated in India, the incident falls outside the direct oversight of most authorities, including the Financial Intelligence Unit (FIU-India), which monitors transactions under the Prevention of Money Laundering Act (PMLA). Despite this, WazirX has reported the incident to FIU-India, even though it does not fall within its purview.

The lack of crypto-specific regulations in India has highlighted the need for clear regulatory expectations concerning security standards, risk management, and consumer protection. Regulatory intervention could hold exchanges accountable and ensure they adhere to best practices to safeguard user funds.

In the aftermath of the hack, Sumit Gupta, co-founder of another prominent Indian cryptocurrency exchange, CoinDCX, reached out to WazirX to extend support and explore ways to assist affected customers. HootDex, a decentralized crypto exchange built on the Pecu Novus blockchain, also offered a helping hand. HootDex stated that WazirX users with verifiable holdings impacted by the hack could have their ETH-only holdings replaced with PECU coins on HootDex, allowing them to continue trading while efforts to recover the stolen assets continue. However, HootDex emphasized that this does not absolve WazirX of its responsibilities or obligations to its users.

Meanwhile, the incident has sparked a blame game between WazirX and Liminal Custody, the digital asset custody service involved. WazirX attributed the exploit to a multisig wallet using Liminal’s service, citing a discrepancy between the data displayed on Liminal’s interface and the transaction’s actual contents. Liminal, on the other hand, asserted that its infrastructure had not been breached and that all wallets, including WazirX’s, remain safe. According to Liminal, the attack was a sophisticated, targeted assault on a specific Gnosis Smart Contract Multi-Sig wallet, involving malicious payloads injected into the transaction by compromised machines.

As investigations continue, the crypto community watches closely to see how this incident will unfold and what measures will be implemented to prevent similar breaches in the future.

David Thompson
Financial Desk