In July 2024, WazirX, one of India’s largest cryptocurrency exchanges, experienced a significant security breach resulting in the theft of approximately $234.9 million (around ₹2,000 crore) in investor funds.
Details of the Hack:
- Date of Incident: July 18, 2024
- Method of Attack: Hackers exploited a vulnerability in WazirX’s multisig wallet system. This system required multiple signatures to authorize transactions. The attackers created a fake WazirX account, deposited tokens, and began purchasing Gala (GALA) tokens. After draining the hot wallet, they accessed the cold wallet. When WazirX signatories accessed the multisig wallet, the hackers altered the smart contract controlling it. Once modified in their favor, the attackers gained full control, no longer needing WazirX’s keys, and drained all the funds. Wikipedia
- Suspected Perpetrators: Preliminary investigations suggest the involvement of the Lazarus Group, a North Korean hacker collective known for similar cyberattacks. Economic Times
Aftermath and Response:
- Operational Impact: Following the breach, WazirX suspended all cryptocurrency trading and temporarily halted INR and crypto withdrawals to prevent further unauthorized transactions. WazirX
- Legal Actions: In August 2024, rival company CoinSwitch filed a lawsuit against WazirX for failing to recover its trapped funds of $9.65 million. LiveMint
- User Impact: Approximately 4 million users were affected, with many unable to access their funds. Users are preparing for a class action in India, arguing that their agreement with the cryptocurrency exchange was with its Indian entity. LiveMint
Industry Implications:
This incident has raised concerns about the security measures of cryptocurrency exchanges in India. It has prompted other exchanges to invest more heavily in advanced security infrastructure to protect investors and ensure the integrity of the crypto ecosystem.
The WazirX hack serves as a stark reminder of the vulnerabilities in the cryptocurrency market and the importance of robust security protocols to safeguard user assets.
This is the story what we hear but how come its investors responsibility for this issue, will Indian investors loose there hard earned money let us know your views .