2024 WazirX hack

From HandWiki
Short description: Cryptocurrency theft
2024 WazirX hack
DateJuly 18, 2024
TypeCyberattack
SuspectsLazarus Group

On July 18, 2024, WazirX, an Indian cryptocurrency exchange was hacked, leading to the loss of approximately $234.9 million (around Rs 2000 crore) in investor funds.[1] The exchange ceased to operate on 18 July 2024.[2]

Hack

On 18 July 2024, $234.9 million worth of crypto assets have been taken out of the exchange and sent to a new address by North Korean hackers belonging to Lazarus Group.[3][4]

Modus operandi

WazirX's multisig wallet, controlled by five WazirX and one Liminal signature, required three WazirX and one Liminal signature to initiate transactions. Hackers created a fake WazirX account, deposited tokens, and began purchasing Gala (GALA) tokens. After draining the hot wallet, they accessed the cold wallet. When WazirX signatories accessed the multisig wallet, the hackers altered the smart contract controlling it. Once modified in their favor, the attackers gained full control, no longer needing WazirX's keys, and drained all the funds.[5] Before the attack, the crypto exchange stated in its June 2024 proof-of-reserves disclosure that it had about $500 million in digital assets.[6]

On 18 July 2024, the exchange suspended crypto trading.[7][8]

In January 2025, the Singapore High Court allowed Zettai PTE LTD, the parent company of WazirX to hold a meeting with creditors to vote on a proposed plan of recovery of lost assets.[9]

Litigations

  • On August 29, 2024, the rival company CoinSwitch sued WazirX for failing to recover its trapped funds of $9.65 million.[10][11]

References

  1. Venugopal, Sahana (3 September 2024). "WazirX Cyberattack: What is WazirX's legal status after a $230 million wallet hack?" (in en-IN). The Hindu. https://www.thehindu.com/sci-tech/technology/what-is-wazirxs-legal-status-after-a-230-million-wallet-hack/article68595715.ece. 
  2. "WazirX cryptocurrency exchange halts withdrawals after security breach" (in en). 2024-07-18. https://indianexpress.com/article/india/wazirx-cryptocurrency-withdrawals-security-breach-9461946/. 
  3. Shukla, Siddharth (2024-07-18). "WazirX Pauses Crypto, Rupee Withdrawals After Wallet Breach" (in en). Bloomberg.com. https://www.bloomberg.com/news/articles/2024-07-18/wazirx-pauses-crypto-rupee-withdrawals-after-wallet-breach-lyqzzwm1. 
  4. Anand, Vijay (2024-07-29). "North Korean Lazarus Group linked to $235 million WazirX crypto breach - CNBC TV18" (in en). https://www.cnbctv18.com/technology/wazirx-crypto-breach-cyfirma-north-korean-lazarus-group-19450904.htm. 
  5. Anupam, Suprita (2024-09-25). "The End Of WazirX: The $234 Mn Heist, Nischal Shetty Under Fire And The Blame Game" (in en). https://inc42.com/features/wazirx-crypto-heist-nischal-shetty-blame-game/. 
  6. "WazirX crypto exchange hack: how much of the assets was lost, CEO Nischal Shetty's announcement, and what happens next" (in en-IN). The Hindu. 2024-07-29. ISSN 0971-751X. https://www.thehindu.com/sci-tech/technology/wazirx-crypto-exchange-hack-how-much-of-the-assets-was-lost-and-what-happens-next/article68459460.ece. 
  7. Singh, Manish (2024-07-21). "WazirX halts trading after $230 million 'force majeure' loss" (in en-US). https://techcrunch.com/2024/07/21/wazirx-halts-trading-after-230-million-hit-to-crypto-exchange/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAEqQb3DWP_YrVKDE1Q-eSYG-fqRWZTsj8fXpaIkOtiq_BnXD9WNfAgJR9Xl6ysmU0W_KRakHLRgKg3SdcdKqLbS08NUaD7vsgbLSIPzlekFATRNS5ZjQfFb1hPEc1PCWFdanjXZ9m0W5qwu5fR2axTOfFadiT_W_jEI-auYNXKgZ. 
  8. Sharma, Manoj (2024-07-10). "WazirX halts trading, announces $23 mn bounty after hackers steal $234 mn. Key updates" (in en). https://www.fortuneindia.com/macro/wazirx-halts-trading-announces-23-mn-bounty-after-hackers-steal-234-mn-key-updates/117654. 
  9. "WazirX $230-million heist: Singapore court allows WazirX parent to hold meet with crypto users" (in en-US). 2025-01-24. https://economictimes.indiatimes.com/tech/technology/singapore-court-allows-wazirx-parent-to-hold-meet-with-crypto-users-for-230-million-asset-recovery/articleshow/117505387.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst. 
  10. Singh, Manish (2024-08-28). "CoinSwitch sues WazirX to recover trapped funds" (in en-US). https://techcrunch.com/2024/08/28/coinswitch-sues-wazirx-to-recover-trapped-funds/. 
  11. "India's Crypto app CoinSwitch sues WazirX: We are now taking steps, including ...". The Times of India. 2024-08-29. ISSN 0971-8257. https://timesofindia.indiatimes.com/technology/tech-news/indias-crypto-app-coinswitch-sues-wazirx-we-are-now-taking-steps-including-/articleshow/112887792.cms. 

Template:Hacking in the 2020s



Retrieved from "https://handwiki.org/wiki/index.php?title=2024_WazirX_hack&oldid=4155114"