cryptoslate.com
India-based centralized exchange WazirX seeking partnerships to restore full operations following a significant exploit that resulted in the loss of nearly half its assets.
The exchange’s co-founder, Nischal Shetty, shared the development in a social media post on July 23 and notified users that it is working on a solution to help restart its services. He stated:
“I’ve been reaching out to various potential partners trying to figure a resolution that would help our customers. We’re figuring various directions that can possibly help enable the platform deposits/withdrawals/trading.”
The exploit
WazirX confirmed a security breach in one of its multisig wallets, resulting in the loss of over $230 million in user assets.
On-chain data revealed the theft included more than 200 cryptocurrencies, such as 5.43 billion SHIB tokens, over 15,200 Ethereum tokens, 20.5 million Matic tokens, 640 billion Pepe tokens, 5.79 million USDT, and 135 million Gala tokens.
The stolen funds represent roughly 50% of WazirX’s total $500 million holdings, according to its June proof-of-reserves report. The exchange has temporarily paused trading due to the hack’s impact on its ability to maintain 1:1 collaterals with assets.
Meanwhile, Shetty mentioned ongoing efforts to make customers whole, saying:
“We have few ideas, but we need to hash them out further to look into how feasible they are. I’ve been receiving many calls for help with this issue. We’re actively working with law enforcement to find the culprits and recover the funds.”
He also clarified that the hack did not affect the firm’s fiat INR funds but did not specify whether INR withdrawals would be enabled.
WazirX has launched a $23 million bounty program to incentivize the hackers to return the stolen funds. The firm has received 133 entries so far and is reviewing them.
However, market observers said the possibility of the funds being returned appears slim as the attackers have affiliation with North Korea’s notorious Lazarus Group.
Blame Game
WazirX has continued to maintain that the hack occurred outside its product infrastructure. It stated that the hacked multisig wallet was hosted by third-party custody provider Liminal.
However, Liminal argued that its infrastructure was not compromised and attributed the exploit to compromised devices owned by WazirX.
In response, WazirX has dismissed suggestions about compromised wallet hardware. Shetty explained:
“The WazirX hack was not due to a Phishing link. 3 signatures of WazirX from 3 different devices that each use different hardware wallets were used. All 3 devices were at different locations and the links were bookmarked.
He added:
“Even if we assume that all 3 WazirX devices ended up going to a phished link (which is highly unlikely given their geographic separation and saved links), it would still fail on Liminal’s end since they’re the 4th signer and the signing occurs inside their systems and not on a browser.”