Highlights:
- WazirX has launched a bounty program to recover over $230 million stolen in a recent security breach.
- The exchange is collaborating with over 500 other exchanges and regulatory bodies to block the addresses associated with the stolen funds.
- Forensic experts and law enforcement agencies are involved in tracking the stolen assets, which have been obscured by Tornado Cash.
WazirX, one of India’s largest cryptocurrency exchanges, recently suffered a significant security breach, resulting in the theft of over $230 million in digital assets. The breach, which affected assets such as SHIB, ETH, PEPE, and MATIC, has prompted WazirX to launch a comprehensive recovery effort, including a bounty program aimed at regaining the stolen funds.
📢 Update: In response to the cyber attack, we have filed a police complaint and are pursuing additional legal actions. We will keep the community updated as we proceed.
» Immediate Actions: We have reported the incident to the Financial Intelligence Unit (FIU) and CERT-In.…
— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 19, 2024
Exchange Initiates Recovery Measures
Following the cyberattack, WazirX has taken several steps to address the situation. The exchange has halted all withdrawals to protect remaining assets and has filed a police complaint. Additionally, WazirX reported the incident to India’s Financial Intelligence Unit (FIU) and the Computer Emergency Response Team (CERT-In). The exchange is partnering with more than 500 other platforms to prevent transactions involving the addresses linked to the stolen funds.
WazirX Team is actively working on next steps.
1. We’re preparing a bounty program to help us freeze/recover the stolen assets
2. Further discussions on continuous tracing of fund movements, we’re in touch with a few teams that claim to be experts at this.
3. We’ve informed all…— Nischal (Shardeum) 🔼 (@NischalShetty) July 20, 2024
WazirX co-founder Nischal Shetty highlighted the seriousness of the attack, stating, “This is an unprecedented attack on one of the largest crypto exchanges in India. It has negatively affected the entire Web3 ecosystem.” Shetty further announced the launch of a bounty program designed to incentivize individuals and entities to assist in freezing and recovering stolen assets.
Forensic and Law Enforcement Collaboration
To aid in the recovery efforts, WazirX is working with forensic experts and law enforcement agencies. The exchange aims to identify and apprehend the perpetrators while tracking the stolen funds. The use of Tornado Cash, a mixing service employed by the attackers, has complicated recovery efforts by obscuring the funds’ origin and destination.
The hack, which targeted WazirX’s Ethereum multisig wallet, has been described as one of the largest breaches involving a centralized exchange in recent history. The wallet, secured using Liminal’s digital asset custody and wallet infrastructure, was compromised. Consequently, this breach occurred due to a discrepancy between the data displayed and the actual transaction contents. The attackers managed to steal 15,298 ETH and convert it to various assets. In addition, they amassed a total of 59,097 ETH, valued at approximately $206.7 million.
Continued Efforts and Community Support
In addition to the bounty program, WazirX is in continuous discussions with expert teams specializing in tracking cryptocurrency transactions. The exchange is receiving support from the broader Web3 community. This collective effort emphasizes the importance of working together to resolve the issue. Shetty expressed gratitude for this support and stressed the importance of a unified approach to address the breach.
Despite these efforts, the complexity of the attack and the use of mixing services make the recovery of the stolen assets challenging. WazirX has acknowledged the difficulty of tracing the funds and is working diligently to mitigate the impact on customer funds.