As we reported earlier on July 18, Indian cryptocurrency exchange WazirX suffered a major cyberattack that resulted in the theft of over $230 million in digital assets.
WazirX co-founder Nischal Shetty provided an update on the situation, assuring users that the platform is exploring various strategies to restore services and protect user funds.
The breach, confirmed by WazirX, affected multi-signature wallets managed by third-party custody provider Liminal.
Despite the severity of the attack, Shetty stressed that Indian Rupee (INR) funds held by the exchange remain safe and unaffected.
“The impact of the attack is limited to our customers’ digital assets,” Shetty stated. “The WazirX platform itself was not breached; the incident occurred with a multi-signature wallet hosted outside our core infrastructure.”
The stolen assets included more than 200 cryptocurrencies, notably 5.43 billion Shiba Inu (SHIB) tokens, 15,200 Ethereum (ETH) tokens, 20.5 million Polygon (MATIC) tokens, 640 billion Pepe (PEPE) tokens, 5.79 million Tether (USDT), and 135 million Gala (GALA) tokens. These assets represent about half of WazirX’s total holdings, according to a recent proof-of-reserves document.
WazirX has suspended all deposits, withdrawals, and trading in response to the attack.
The exchange has also launched a $23 million bounty program to incentivize the recovery of the stolen funds. The reward, which is equivalent to 10% of the lost assets, is intended to attract white hat hackers, blockchain forensics experts, and cybersecurity professionals to assist in tracking down the perpetrators.
Based on @zachxbt‘s feedback, we have increased the White Hat Recovery reward to 10%, i.e., up to $23 Million.
We invite white hat hackers, blockchain forensics experts, and cybersecurity professionals from around the world to join this critical mission and protect the integrity… https://t.co/WasoyJT5UX
— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 21, 2024
So far, WazirX has received 133 applications for the bounty program and is actively reviewing them.
The exchange is working closely with law enforcement agencies to identify the culprits and reclaim the stolen assets.
However, the recovery prospects appear challenging, with market observers speculating about potential involvement from the infamous North Korean Lazarus Group, known for previous large-scale cyber thefts.
Following the attack, a dispute arose between WazirX and Liminal regarding responsibility for the breach.
While WazirX claims compromised devices outside of its system caused the attack, Liminal maintains that its infrastructure remains secure and that any security breaches occurred on WazirX’s end.
As WazirX seeks cooperation to restore full operations, the exchange’s leadership faces the daunting task of rebuilding user trust and ensuring the security of its platform.
The bounty program will run for three months, with rewards only being disbursed upon successful recovery of stolen assets, paid in USDT or recovered funds at WazirX’s discretion.
Related news: Preparation for $235M WazirX Theft Began 8 Days in Advance