On July 18, 2024, WazirX, a well-known Indian cryptocurrency exchange, suffered one of the most serious security breaches in history, with approximately $235 million in digital assets stolen, representing nearly 46% of its stored assets. This article reviews the entire hacking process, WazirX’s immediate response, and subsequent security enhancements and asset recovery efforts, exploring the exchange’s practical experience in emergency response and crisis management.
Hacker Intrusion and Initial Response
On the day of the attack, the hacker gained access to three signing permissions on WazirX’s Ethereum multi-signature wallet, took control of important ERC-20 tokens, and quickly transferred them to an unknown wallet address. Following the incident, WazirX promptly informed users and initiated crisis management:
- Registered an online warning with the National Cybercrime Reporting Platform and submitted an offline report;
- Notified India’s Financial Intelligence Unit (FIU) and the National Emergency Response Team (CERT-In) for intervention;
- Conducted multi-channel tracing of the assets involved, contacting over 500 exchanges for assistance in freezing the relevant wallet addresses;
- Suspended deposits and withdrawals to prevent further outflow of funds.
Hacker’s Fund Flow and Clues
The hacker increased the amount of stolen funds by shifting assets and now holds over 50,000 ETH (approximately $200 million), alongside transfers and liquidations of SHIB, MATIC, PEPE, USDT, and various altcoins. Several security researchers and information agencies assisted in the tracking process, locating several key accounts to which funds were transferred.
Renowned cryptography expert ZachXBT confirmed, based on on-chain data, that some of the funds were linked to verified deposit addresses, and claimed the bounty.
Follow-up Coordination and Bounty Program
- On July 20th, WazirX continued to collaborate with major platforms and law enforcement agencies to accelerate the recovery of stolen funds.
- On July 21st, a bounty program of up to $23 million was launched to reward individuals or organizations with valid leads.
- A user tip-off reward was established, with rewards for a single tip reaching up to $10,000 USDT.
Security Audit and Technical Enhancement
WazirX engaged top cybersecurity experts to conduct a comprehensive legal and technical review, analyzing vulnerabilities and attack methods in order to build a more secure defense system. Collaborating white hat hackers and blockchain forensics teams are actively participating in asset tracing and risk assessment.
User Funds and Withdrawal Arrangements
- Unaffected asset types are being accurately analyzed; some user assets remain safe.
- Fiat currency withdrawals are planned to be resumed in phases, with reasonable limits set to ensure smooth platform operations.
- Cryptocurrency withdrawals remain uncertain due to security concerns, and limits are expected to be implemented to prevent large-scale fund outflows.
- Compensation options for users’ damaged assets are being explored through capital increases and other measures, drawing on the experience of a leading Japanese case.
The WazirX incident highlights the security risks facing the digital asset industry and exposes weaknesses in the platform’s identity verification and multi-signature management. Its proactive response and transparent reporting provide a valuable example of crisis public relations. Furthermore, its bounty-based recovery, joint regulatory efforts, and community collaboration demonstrate new approaches to addressing security threats in the digital financial industry.
In the future, a comprehensive security architecture and supporting regulations will be the cornerstone of the exchange’s stable development. WazirX is committed to restoring user trust, enhancing technical protections, and collaborating with ecosystem partners to build a safer crypto asset trading environment.
This incident serves as both a wake-up call and the starting point of a new journey, reminding the industry and users that security and trust are indispensable in the digital asset journey.




