Inside job or cover-up? New accusations add fuel to the WazirX controversy

Could new allegations against WazirX reveal the truth about the July hack, or are frustrated users fueling unfounded conspiracy theories?

WazirX under the radar “again”

On Jul. 18, India’s crypto community was rocked when WazirX, the country’s largest crypto exchange, announced a devastating hack. A staggering around $235 million (₹2,000 crore) was siphoned from a single wallet, with initial suspicions pointing to the notorious Lazarus Group from North Korea.

The exchange quickly attributed the breach to external forces, but the narrative has since taken an unexpected twist. On Nov. 26, a vocal group of WazirX users, rallying under the banner “Justice for WazirX Users,” alleged on X that this might not have been an international cyberattack at all — but an inside job.

Their claims are backed by a detailed timeline of events leading up to the hack, portraying a platform grappling with financial strain, regulatory scrutiny, and operational chaos, arguing that the circumstances surrounding the breach are too coincidental to ignore.

Could this really have been an inside job? Or are these suspicions simply the result of frustration and a growing sense of distrust? Let’s examine the facts from every angle and see what light they can shed.

The dominoes leading to the hack

According to the viral Twitter thread, WazirX’s troubles didn’t begin with the hack — they date back to February 2022, when the Indian government imposed a 30% tax on crypto profits.

For WazirX, this policy led to a collapse in overnight revenue. Suddenly, the once-thriving exchange was grappling with reduced user activity and shrinking profits — a troubling sign for any business in the hyper-competitive crypto market.

Two months later, in April 2022, WazirX’s founders, Nischal Shetty and Siddharth Menon, permanently relocated to Dubai.

With the Indian crypto ecosystem under increasing scrutiny, their departure sparked uncomfortable questions: was this a strategic attempt to shield themselves from regulatory pressures, or simply a routine move that the public misunderstood?

The situation took a turn for the worse in August 2022 when India’s Enforcement Directorate froze $8 million worth of WazirX’s assets, alleging involvement in money laundering. Although WazirX denied these allegations, the raid tarnished the exchange’s reputation and added immense operational strain.

In January 2023, the challenges deepened when Binance — the global crypto giant and WazirX’s former partner—cut all ties with the exchange. Citing governance disputes, Binance demanded the transfer of funds, effectively severing a crucial support system.

By January 2024, things grew more complex when India outright banned Binance, forcing many Indian users to transfer their funds back to WazirX, swelling its reserves to enormous levels.

The exchange reportedly concentrated $235 million (₹2,000 crore) in a single wallet while distributing another $333 million (₹2,500) crore across 250,000 smaller wallets. For some, this was a ticking time bomb, given the inherent risks of centralizing such a large sum in one place.

The hack itself struck in July 2024, wiping out the $235 million stored in that single wallet. However, critics were quick to raise glaring questions. Why would WazirX consolidate such a significant amount in one vulnerable location?

Was this sheer negligence — or something far more calculated, perhaps even a staged hack?

A web of allegations and discrepancies

The fallout from the WazirX hack has only grown messier with each passing day as new allegations and financial discrepancies continue to emerge.

Amid mounting frustration, the YouTube channel Crypto India dissected WazirX’s second affidavit and financial statements in September, exposing critical issues related to the platform’s operations and transparency.

One major revelation from WazirX’s affidavit is its moratorium application in Singapore, which aimed to restructure its obligations after the hack. Initially, the platform reported that the total value of funds during the hack was $570 million, with $234 million stolen — a theft rate of 42%. This figure was later revised to $546 million, now suggesting that 45% of the funds were stolen.

The discrepancy arises from WazirX initially including INR balances managed by Zanmai Labs, its Indian entity, in the books of Zettai, its Singapore-based arm, highlighting weak internal controls, further eroding user confidence.

Moreover, out of 4.2 million users, only 431 expressed support for the moratorium, representing just 0.01% of the total user base. Financially, these supporting users account for liabilities of $9.2 million — far below the $410 million threshold needed for the moratorium’s approval.

Adding to the doubts is a key revision in WazirX’s financial statements. The situation becomes even murkier when scrutinizing WazirX’s financial statements. Zettai reported revenues of $108 million in 2022 and $12 million in 2023, but the expense patterns are alarming.

For example, $79 million — nearly 80% of its 2022 revenue — was spent on sales and marketing, with no detailed breakdown of how or where the funds were used. Another $15 million was listed under administrative expenses, yet these figures remain vague and unexplained.

Even more troubling, liabilities worth $23 million were lumped into the ambiguous category of “Others,” accounting for 99% of total liabilities — a glaring red flag in financial reporting that suggests potential obfuscation.

The controversy has spilled over into legal action, with rival platform CoinSwitch filing a lawsuit against WazirX in September to recover funds allegedly trapped on the platform after the hack.

CoinSwitch, a former partner of Zanmai Labs, claims WazirX has failed to provide clarity on whether its tokens were stored in secure wallets or those compromised in the hack.

Despite WazirX’s assertions of an uncompromised infrastructure, the absence of audit reports or detailed incident analyses leaves users in the dark, unsure of what truly happened — or whether their remaining assets are safe.

WazirX’s plan to refund users

Amid growing pressure and unresolved questions following the July hack, WazirX has introduced a structured plan to compensate its creditors. While the plan promises eventual repayment, it comes with conditions that require users to absorb an immediate loss.

Central to this effort is the launch of a “rebalancing calculator,” now live on the platform, which calculates the exact amount owed to each creditor. However, users are facing a 48% haircut on their funds — a loss that WazirX claims will be addressed gradually over time.

During the company’s fourth townhall on Nov. 6, WazirX shared details of its repayment plan. The exchange plans to settle 52% of total creditor claims using its current liquid assets.

This amount will be distributed on a pro-rata basis, meaning users will receive a percentage of what they’re owed based on the size of their claims.

To address the remaining 48% of liabilities that cannot be immediately repaid, WazirX will issue Recovery Tokens to creditors. Each token will represent $1 and act as a placeholder for the outstanding funds.

These tokens can be encashed in the future, contingent upon WazirX successfully restarting operations and generating revenue.

To achieve this, the exchange has outlined a multi-pronged strategy that includes launching new business initiatives and increasing trading activity.

WazirX’s CEO, Nischal Shetty, has also hinted at plans to launch a decentralized exchange, which he believes could become India’s largest within a year.

In addition to the DEX, WazirX aims to resume operations on its centralized platform, betting on a surge in trading volumes during the current bull market to drive revenue.

Arrests, allegations, and unanswered questions

In October, the Delhi High Court heard a petition filed by investor Jaivir Bains, alleging that WazirX merged funds from hacked and unhacked accounts to mitigate losses — an approach that reportedly affected unaffected investors.

The petitioner’s counsel argued that these actions violated the exchange’s user agreement and regulatory standards, urging an investigation by the Financial Intelligence Unit (FIU) and the ED.

The petition also raised concerns about the adequacy of oversight mechanisms, highlighting that stolen funds had been transferred to Singapore, potentially complicating recovery efforts.

While acknowledging the severity of the allegations, the court noted a lack of prima facie evidence to determine whether the hack was externally orchestrated or a self-inflicted cover-up.

The bench concluded that grievances such as fund merging and withdrawal restrictions were civil matters better suited for resolution in civil courts. However, it directed the Assistant Commissioner of Police to investigate the complaint and involve regulatory authorities should new evidence emerge.

Adding a new twist to the unfolding drama, the Delhi Police’s Special Cell recently arrested SK Masud Alam, a resident of West Bengal, in connection with the cyberattack.

According to the chargesheet, Alam allegedly created a fake account under the alias “Souvik Mondal” and sold it on Telegram to another individual, M. Hasan, who reportedly used it to breach WazirX’s systems.

The petition also claims that state authorities, including the FIU, have failed to act decisively, potentially due to bureaucratic interference. With millions of dollars at stake and trust hanging by a thread, the WazirX case is only growing more complex with each passing moment.

A system failing its people

The WazirX hack case remains shrouded in ambiguity. Whether it was a sophisticated external attack or an inside job disguised as one, the truth has yet to emerge.

However, the incident has not only exposed vulnerabilities in crypto platforms but also highlighted the inadequacies of India’s regulatory and legal systems in managing such crises effectively.

Since the hack in July 2024, millions of users have been left in distress, with many facing financial ruin. Social media is now filled with heart-wrenching stories of investors grappling with the loss of their life savings.

Reports have surfaced of victims resorting to extreme measures, including falling into severe debt to cover their losses, selling personal assets such as homes and vehicles, and, in tragic cases, even contemplating suicide.

Nearly five months after the hack, India’s regulatory and enforcement bodies have been slow to act. The FIU and the ED, tasked with financial compliance and investigating money laundering, have largely stayed on the sidelines.

Meanwhile, the focus of the case has shifted overseas. With WazirX’s restructuring program under review by the Singapore High Court, critical decisions about user repayments and the platform’s future are being made outside Indian jurisdiction.

The irony is striking: a predominantly Indian user base is now seeking justice through a legal system halfway across the globe while their own government lags behind.

Whether the hack was an external breach or an inside job may take months — or even years — to determine. For now, the distress of the users serves as a sobering reminder of the consequences of systemic failures.