2024 WazirX hack

Last updated
2024 WazirX hack
DateJuly 18, 2024
Type Cyberattack
Suspects Lazarus Group

On July 18, 2024, WazirX, an Indian cryptocurrency exchange was hacked, leading to the loss of approximately $234.9 million (around Rs 2000 crore) in investor funds. [1] The exchange ceased to operate on 18 July 2024. [2]

Contents

Hack

On 18 July 2024, $234.9 million worth of crypto assets have been taken out of the exchange and sent to a new address by North Korean hackers belonging to Lazarus Group. [3] [4]

Modus operandi

WazirX's multisig wallet, controlled by five WazirX and one Liminal signature, required three WazirX and one Liminal signature to initiate transactions. Hackers created a fake WazirX account, deposited tokens, and began purchasing Gala (GALA) tokens. After draining the hot wallet, they accessed the cold wallet. When WazirX signatories accessed the multisig wallet, the hackers altered the smart contract controlling it. Once modified in their favor, the attackers gained full control, no longer needing WazirX's keys, and drained all the funds. [5] Before the attack, the crypto exchange stated in its June 2024 proof-of-reserves disclosure that it had about $500 million in digital assets. [6]

On 18 July 2024, the exchange suspended crypto trading. [7] [8]

In January 2025, the Singapore High Court allowed Zettai PTE LTD, the parent company of WazirX to hold a meeting with creditors to vote on a proposed plan of recovery of lost assets. [9]

Litigations

References

  1. Venugopal, Sahana (3 September 2024). "WazirX Cyberattack: What is WazirX's legal status after a $230 million wallet hack?". The Hindu .
  2. "WazirX cryptocurrency exchange halts withdrawals after security breach". The Indian Express. 2024-07-18. Retrieved 2024-07-31.
  3. Shukla, Siddharth (2024-07-18). "WazirX Pauses Crypto, Rupee Withdrawals After Wallet Breach". Bloomberg.com. Retrieved 2024-07-31.
  4. Anand, Vijay (2024-07-29). "North Korean Lazarus Group linked to $235 million WazirX crypto breach - CNBC TV18". CNBCTV18. Retrieved 2024-07-31.
  5. Anupam, Suprita (2024-09-25). "The End Of WazirX: The $234 Mn Heist, Nischal Shetty Under Fire And The Blame Game". Inc42 Media. Retrieved 2024-09-26.
  6. "WazirX crypto exchange hack: how much of the assets was lost, CEO Nischal Shetty's announcement, and what happens next". The Hindu. 2024-07-29. ISSN   0971-751X . Retrieved 2024-07-31.
  7. Singh, Manish (2024-07-21). "WazirX halts trading after $230 million 'force majeure' loss". TechCrunch. Retrieved 2024-08-31.
  8. Sharma, Manoj (2024-07-10). "WazirX halts trading, announces $23 mn bounty after hackers steal $234 mn. Key updates". www.fortuneindia.com. Retrieved 2024-08-31.
  9. "WazirX $230-million heist: Singapore court allows WazirX parent to hold meet with crypto users". EconomicTimes. 2025-01-24. Retrieved 2025-01-28.
  10. Singh, Manish (2024-08-28). "CoinSwitch sues WazirX to recover trapped funds". TechCrunch. Retrieved 2024-08-31.
  11. "India's Crypto app CoinSwitch sues WazirX: We are now taking steps, including ..." The Times of India. 2024-08-29. ISSN   0971-8257 . Retrieved 2024-08-31.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.