On July 18, 2024, WazirX, one of India’s largest cryptocurrency exchanges, experienced a major security breach resulting in the theft of over $230 million in digital assets. The hack affected a multisig wallet and led to paused withdrawals and a drop in the value of WazirX’s native token, WRX. The breach is suspected to be linked to North Korea, according to on-chain analysis and information reviewed by Elliptic.
Impact of the Hack
WazirX suffered a major hack, resulting in the theft of approximately $230 million, equivalent to 45% of user funds. The company has reported that one of its multisig wallets experienced a security breach.
Stolen Funds Breakdown
- Shiba Inu: $102 million
- Ethereum: $52.5 million
- Matic: $11.24 million
- Pepe coin: $7.6 million
- Tether: $135 million
- Gala: $3.5 million
Consequences:
- Decline in WRX Value: The significant loss caused a sharp decline in the value of WazirX’s native token, WRX.
- Paused Withdrawals: Withdrawals were paused temporarily to assess the situation.
Response and Strategy
WazirX is implementing a “socialized loss” strategy, aiming to distribute the financial impact across all users equitably. This approach allows for immediate access to a significant portion of assets while maintaining the possibility of further recovery for those who choose to wait.
- 55% of user crypto assets will be made available for trading and withdrawals, depending on the selected option.
- 45% will be converted to USDT-equivalent tokens and locked.
User Options
WazirX offers two options for users:
- Option A: Users can trade and hold their crypto with priority for recovery but cannot withdraw it.
- Option B: Users can trade and withdraw their crypto but will have lower priority for recovery. Users can switch to Option A before making trades or withdrawals.
Registered users will receive detailed instructions via email, including a link to the WazirX platform to select their preferred option. The deadline for response is August 3, 2024.
Handling of Similar Situations by Other Companies
Mt. Gox (In 2014, Mt. Gox was hacked, losing 850,000 BTC worth $450 million)
Loss: 850,000 BTC worth $450 million.
Outcome: Bankruptcy, with users receiving about 20% of their original holdings as of 2024.
Bitfinex (Bitfinex was hacked in 2016, losing 119,756 BTC worth about $72 million)
Loss: 119,756 BTC worth about $72 million.
Solution: Loss spread across all users, reducing balances by 36%. Issued BFX tokens to represent losses, which could be traded, used as collateral, or converted into shares of Bitfinex’s parent company. Within eight months, all BFX tokens were repaid or converted.
Bounty Program by WazirX
WazirX is launching a bounty program to help recover the stolen funds,
Track & Freeze Bounty
- Objective: Identify, track, and provide actionable intelligence leading to the freezing of the stolen funds.
- Reward: Up to $10,000 worth of USDT for actionable intelligence.
White Hat Recovery Bounty
- Objective: Facilitate the recovery of the stolen funds.
- Reward: 10% of the recovered amount as a white hat incentive (up to $23 million).
Timeframe
The bounty program will run for three months from the date of the announcement, with the possibility of amendments based on requirements and results.
The WazirX hack resulted in a significant loss of over $230 million in digital assets, making it one of the largest hacks of a centralized exchange in recent times. The exchange has taken steps to recover the stolen funds and enhance security measures to prevent future incidents. Crypto investors are advised to prioritize security practices to safeguard their digital investments.