The $234M WazirX Hack: What Happened, Its Impact, and Key Lessons for Crypto Investors

On July 18, 2024, WazirX, India’s largest cryptocurrency exchange, suffered a devastating cyberattack, resulting in the theft of approximately $234.9 million in digital assets. This breach, one of the largest in crypto history, wiped out nearly 45% of the platform’s reserves, affecting millions of users and exposing vulnerabilities in the crypto ecosystem. This blog dives into how the hack unfolded, its impact, and what it means for the future of cryptocurrency security.

WazirX Hack: What Happened?

The attack targeted a multisignature (multisig) Ethereum wallet managed by WazirX and its custody provider, Liminal. Multisig wallets require multiple approvals (signatures) to authorize transactions, offering enhanced security. In WazirX’s case, the wallet needed four out of six signatures—three from WazirX and one from Liminal—to execute transactions. Despite these safeguards, hackers executed a sophisticated attack:

1. Smart Contract Manipulation: The attackers tricked WazirX and Liminal signatories into approving a malicious smart contract update. This altered the wallet’s control, allowing the hacker to bypass the multisig security and drain the wallet.
2. Preparation and Execution: Blockchain analysis revealed the hacker prepared for eight days, funding their operations via Tornado Cash, a decentralized cryptocurrency mixer, on July 10, 2024. On July 18, they drained $234.9 million, including $97 million in Shiba Inu (SHIB) and $53 million in Ethereum (ETH).
3. Laundering the Funds: Post-attack, the hacker converted most stolen assets into Ether (ETH) and funneled them through Tornado Cash, obscuring their trail. By September 2024, only $6 million in traceable ETH remained.

The attack’s precision and scale point to the North Korean Lazarus Group, a state-sponsored hacking collective known for targeting crypto exchanges. Their involvement complicates recovery efforts, as they rarely negotiate or face legal accountability.

ALSO READ: WazirX Timeline: From India’s Biggest Crypto Exchange to Courtroom Trouble

WazirX Hack Fallout

The hack sent shockwaves through WazirX’s 15 million users, primarily in India, where crypto adoption has been growing. Key impacts include:

• Financial Losses: The stolen $234.9 million, initially valued at 45% of WazirX’s $503 million reserves, ballooned to $330 million by December 2024 due to rising crypto prices. Users faced frozen funds and halted trading, with many losing life savings.
• User Distress: Investors reported anxiety, debt, and emotional turmoil. One Patna-based user, who lost Rs 7 lakh, hid the loss from his family, fearing social stigma. Others expressed frustration over WazirX’s slow communication and controversial recovery plans.
• Regulatory Scrutiny: Indian agencies, including the Financial Intelligence Unit (FIU), the Intelligence Bureau (IB), and the Indian Computer Emergency Response Team (CERT-In), launched probes into the hack. WazirX provided server logs and blockchain addresses, but the unregulated crypto sector’s “grey areas” hindered progress.
• Legal Actions: WazirX’s parent company, Zettai Pte Ltd, secured a four-month moratorium from Singapore’s High Court in August 2024, shielding it from legal claims during restructuring. Rival exchange CoinSwitch sued WazirX for $9.65 million in trapped funds.

WazirX’s Response to the Hack

WazirX took several steps to mitigate the crisis, though some decisions sparked backlash:

• Bounty Program: WazirX offered a $23 million reward (10% of stolen funds) for information leading to asset recovery, engaging 344 bounty hunters.
• Socialized Loss Strategy: To distribute losses equitably, WazirX proposed returning 55% of users’ crypto holdings and locking 45% in USDT-equivalent tokens. This plan, inspired by Mt. Gox and Bitfinex hacks, affected all users, even those whose tokens weren’t stolen, drawing criticism.
• Partial Recovery: By January 2025, WazirX froze $3 million in stolen USDT, a small but significant step. A repayment plan, approved by 93.1% of creditors, aims to recover up to 80% of losses.
• Transparency Issues: WazirX faced backlash for slow updates and removing a YouTube town hall video promising “100% profits” from crypto price appreciation. CEO Nischal Shetty’s spiritual posts on X further frustrated users.

Lessons Learned from WazirX Hack

The WazirX hack underscores critical vulnerabilities in the crypto industry:

1. Centralized Risks: Storing 50% of reserves in one wallet amplified the damage. Experts recommend distributing assets across multiple wallets to mitigate risk.
2. Smart Contract Security: The attack exploited human error in approving a malicious contract. Rigorous auditing and decentralized custody solutions could prevent similar breaches.
3. Regulatory Gaps: India’s unregulated crypto sector left users with limited recourse. Industry experts urge frameworks to protect investors and enforce accountability.
4. User Awareness: Phishing and social engineering played a role in the hack. Users must verify transactions and avoid suspicious links or domains mimicking legitimate platforms.

What’s Next?

WazirX is navigating a complex recovery process. The Singapore court’s approval of its restructuring plan in January 2025 offers hope, with plans to resume trading by February 2025. However, challenges remain:

• Fund Recovery: The use of Tornado Cash makes tracing stolen funds nearly impossible. Only $3 million has been frozen, and North Korean involvement dims prospects for further recovery.
• User Compensation: WazirX’s decision to cap claims at July 18 values ignores crypto price surges (e.g., Shiba Inu’s value rose from $102 million to $173 million). This has fueled investor anger, especially for Bitcoin holders unaffected by the hack.
• Industry Impact: The hack may trigger stricter regulations in India, potentially stifling crypto growth. Centralized exchanges face scrutiny, pushing users toward decentralized finance (DeFi) alternatives.

Stay Safe in Crypto

For crypto investors, the WazirX hack is a stark reminder to prioritize security:

• Use hardware wallets for offline storage.
• Diversify holdings across platforms and wallets.
• Enable two-factor authentication (2FA) and avoid sharing sensitive information.
• Stay informed about platform security practices and regulatory developments.

The WazirX hack exposed the fragility of centralized exchanges and the urgent need for robust security and regulation. As the crypto market grows, exchanges and users must adapt to safeguard assets in an increasingly complex digital landscape.

Conclusion

In light of the WazirX hack, it’s clear that the security landscape of cryptocurrency exchanges is evolving, and as an investor, safeguarding your assets is paramount.

At Mudrex, we prioritise the security of your investments by offering a platform designed with cutting-edge security features, including robust multi-factor authentication and asset diversification tools.

As we continue to build trust in the crypto space, we remain committed to keeping your funds secure and helping you navigate the complexities of digital assets with confidence. Let Mudrex be your trusted partner in the ever-changing world of cryptocurrency. Stay safe, stay smart, and always stay informed.

Want real-time market updates, expert insights, and trading discussions? Join the Mudrex Official Telegram Community now and stay ahead of the crypto market!

FAQs

1. What exactly happened during the WazirX hack?
On July 18, 2024, hackers exploited a multisignature Ethereum wallet by tricking WazirX and its custody partner, Liminal, into approving a malicious smart contract update. This allowed them to bypass security protocols and drain approximately $234.9 million worth of crypto assets.

2. How did the hackers manage to bypass the multisig wallet security?
Despite requiring four of six signatures for transactions, the attackers manipulated a smart contract update that appeared legitimate. They exploited human error and social engineering tactics to gain approval from signatories, effectively gaining control over the wallet.

3. Who is believed to be behind the attack?
The North Korean Lazarus Group, a state-sponsored hacking collective known for targeting crypto platforms, is suspected to be behind the breach. Their advanced methods and lack of cooperation with international law enforcement complicate asset recovery efforts.

4. What was WazirX’s response to the hack?
WazirX initiated a $23 million bounty program, proposed a controversial “socialized loss” recovery plan, and managed to freeze $3 million in stolen assets. They also secured a restructuring moratorium in Singapore to manage legal claims and investor payouts.

5. What lessons can crypto investors learn from this hack?
Key takeaways include the risks of centralizing large reserves, the importance of verifying smart contract updates, the dangers of unregulated markets, and the need for investor vigilance. Diversifying assets, using hardware wallets, and staying informed are crucial for protection.