The massive $235 million hack on the Indian cryptocurrency exchange WazirX on July 18 has raised serious concerns about exchange security and the future of cryptocurrency in India.
The attack was detected by Web3 security firm Cyvers, which noted “multiple suspicious transactions” involving WazirX’s “Safe Multisig” wallet on Ethereum.
The hacker moved $234.9 million worth of funds to a new address, using assets from cryptocurrency mixer Tornado Cash to fund each transaction.
The stolen funds included a variety of cryptocurrencies such as Tether, Pepe, and Gala.
The attacker quickly converted these assets into Ether to obscure the trail of stolen funds.
WazirX’s wallet also held approximately $100 million in Shiba Inu, $52 million in ETH, $11 million in Polygon, and smaller amounts of other tokens.
In response, WazirX suspended withdrawals of cryptocurrencies and Indian rupees and announced it was “actively investigating the incident.”
Rajagopal Menon, a spokesperson for WazirX, stated: “We can’t speak to the press right now. You can get updates from our Twitter handle.”
The hack could significantly impact India’s cryptocurrency sector, which has thrived despite government pressure.
Utkarsh Tiwari, chief strategy officer for KoinBX, commented that such a security breach would cause concern among multiple stakeholders, including retail investors and other exchanges.
He added that under India’s G20 presidency, there has been a push for comprehensive regulations for global Virtual Assets Service Providers, prioritizing investor protection.
India’s crypto industry is also hoping for relief from stringent crypto tax regulations.
Finance Minister Nirmala Sitharaman will present the Union Budget on July 23, and the sector is optimistic about favorable changes.
Since 2022, India has imposed a 30% capital gains tax on digital assets and a 1% tax deducted at source (TDS) on crypto transactions. Sumit Gupta, CEO of CoinDCX, has advocated for reducing the TDS rate to 0.01%.
Meir Dolev, CTO of Cyvers, explained that WazirX uses a multisig wallet requiring four signatures for transactions, with Liminal providing the last signature.
The attacker used two addresses to initiate and receive transactions, funding his wallet via Tornado Cash.
The attacker deployed a malicious contract to change the implementation of WazirX’s wallet, allowing him to execute transactions without needing further signatures.
Dolev speculated that the attacker compromised WazirX endpoints or laptops to gain necessary signatures, possibly through a user interface (UI) hijack on Liminal’s side.
Liminal Custody maintained that its platform remains secure, with preliminary investigations showing that a self-custody multisig smart contract wallet created outside its ecosystem was compromised.
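The implementation swap Dolev describes leaves a trace on-chain, so a defender can watch for it. The following is an added example, not code from WazirX, Liminal or Cyvers: it compares successive reads of a wallet's implementation slot against an approved list. It assumes a Safe-style proxy that keeps its implementation address in storage slot 0 (as returned by `eth_getStorageAt`); all addresses and block numbers are constructed.

```python
# Added example: flag a change of implementation on a proxy-based multisig.
# Assumption: the wallet is a Safe-style proxy that keeps its implementation
# ("singleton") address in storage slot 0, as returned by eth_getStorageAt.
from dataclasses import dataclass

def word_to_address(word: str) -> str:
    """Convert a 32-byte storage word (hex) to a lowercase 20-byte address."""
    raw = bytes.fromhex(word.removeprefix("0x").rjust(64, "0"))
    if len(raw) != 32 or any(raw[:12]):
        raise ValueError(f"slot does not hold a plain address: {word}")
    return "0x" + raw[12:].hex()

@dataclass
class Alert:
    block: int
    previous: str
    current: str
    approved: bool

def find_implementation_changes(snapshots, approved):
    """snapshots: iterable of (block_number, slot0_word), in any order.
    approved: implementation addresses the wallet owners have vetted.
    Returns one Alert per block where slot 0 differs from the prior snapshot."""
    approved = {a.lower() for a in approved}
    alerts, previous = [], None
    for block, word in sorted(snapshots):
        current = word_to_address(word)
        if previous is not None and current != previous:
            alerts.append(Alert(block, previous, current, current in approved))
        previous = current
    return alerts

# Constructed sample data: placeholder addresses and block numbers.
GOOD = "0x" + "11" * 20
ROGUE = "0x" + "ee" * 20
SNAPSHOTS = [
    (1000, "0x" + "00" * 12 + "11" * 20),
    (1001, "0x" + "00" * 12 + "11" * 20),
    (1002, "0x" + "00" * 12 + "ee" * 20),  # implementation replaced here
    (1003, "0x" + "00" * 12 + "ee" * 20),
]

if __name__ == "__main__":
    for a in find_implementation_changes(SNAPSHOTS, {GOOD}):
        status = "approved upgrade" if a.approved else "UNAPPROVED implementation"
        print(f"block {a.block}: {a.previous} -> {a.current} ({status})")
```

An alert with `approved` set to false means the wallet now runs code its owners never vetted, which is the condition that let transactions proceed without further signatures in this incident.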
Some analysts suspect North Korean hackers, possibly the Lazarus Group, may be responsible for the hack.
Blockchain forensics firm Elliptic and ZachXBT noted patterns characteristic of North Korean actors. The cryptocurrency market experienced significant turbulence, with SHIB tokens dropping 10% in value.
WazirX has filed a police complaint, reported the incident to relevant authorities, and is contacting over 500 exchanges to block identified addresses, with many exchanges cooperating in recovery efforts.