Key Points
- WazirX, a prominent Indian crypto exchange, suffered a $235 million hack in July 2024 due to a multisig wallet security breach, losing 45% of its reserves.
- The exchange is now implementing a recovery plan, which includes reversing all trades made after the hack and restoring user account balances to their pre-hack state.
In a significant development in the cryptocurrency world, WazirX, one of India’s largest crypto exchanges, has announced plans to restore user account balances following a devastating $235 million hack in July 2024. The breach, which targeted the exchange’s multi-signature wallet on Ethereum, resulted in the loss of approximately 45% of WazirX’s reserves.
On August 8, 2024, WazirX officially declared its intention to undo all trades carried out after suspending withdrawals on July 18. The exchange stated, “All users will have their portfolio balances on the WazirX platform restored to what they were on July 18, 2024.” This account recovery process is expected to be conducted over the next few days, with affected users receiving email notifications about the impacted trades.
The decision to restore account balances and reverse certain trades aims to ensure an “equitable outcome for users” after the hack. Specifically, WazirX will cancel all trades between July 18 and July 21. The exchange emphasized that this move is designed to treat all users equitably, rendering ineffective any trades following July 18, 07:30 am UTC. Additionally, fees and referrals arising from such restorations will be reversed.
The hack, first reported on July 18, was detected by Web3 security firm Cyvers, which observed “multiple suspicious transactions” involving WazirX’s Safe Multisig wallet on Ethereum. The multi-signature wallet, which requires multiple signatures to execute transactions, had six signatories: one from Liminal (a digital custody platform) and five from WazirX.
According to WazirX, the breach occurred due to discrepancies between the data displayed on Liminal and the actual transaction contents on WazirX. This explanation has led to conflicting statements between WazirX and Liminal, with the latter arguing that their platform was not breached. Liminal even released a report suggesting that compromised WazirX machines caused the exploit.
The anonymous attacker behind the breach reportedly stole at least $100 million in Shiba Inu (SHIB) and $52 million in Ether (ETH). These figures highlight the significant impact of the hack on WazirX’s reserves.
As part of its recovery efforts, WazirX has stated that any fiat or crypto successfully deposited after July 18 will be addressed “shortly in a future update.” This announcement reassures users who may have continued to use the platform immediately after the hack.
Founded in 2017, WazirX has become a significant player in India’s cryptocurrency landscape. This incident serves as a stark reminder of the ongoing security challenges faced by crypto exchanges and the importance of robust security measures in the rapidly evolving digital asset space.
As this incident unfolds, it not only tests WazirX’s resilience and crisis management capabilities but also serves as a critical case study for the entire cryptocurrency industry on the importance of robust security measures and transparent recovery processes in maintaining user trust and market stability.
