The WazirX hack of ₹2091 crore ($235 million), and the future of its customers and creditors.

The history of the internet is rich with mass exploits and theft, whether of money or of data. Since its inception the internet has seen over 35 highly notorious hacks involving major corporations and millions of customers. One of the most memorable is the Quora data breach of 2018, when over one hundred million Quora users had their data exposed in one of the biggest attacks on a large online social media website; it occurred because malicious third parties gained unauthorized access to Quora's internal systems. Another was the Marriott International breach of 2018, one of the largest hacks in history, which exposed 500 million customer records, including private identity details such as passport details, arrival and departure dates and other PII, and, most alarmingly, customers' credit card details.


Recently, cryptocurrency exchanges have been compromised and have become a prime target for hackers because the loot is easy to liquidate online. The most notable case is the Mt.Gox breach: on 13 June 2011 the Japanese exchange Mt. Gox reported that approximately 25,000 Bitcoin had been stolen from 478 accounts, valued at over $400,000 at the time. On 24 February 2014 Mt. Gox suspended all trading, and its website later went offline, showing only a blank page. Leaked documents later revealed that the company was insolvent after losing 744,408 bitcoins in a theft that had gone undetected for years. This second loss by Mt.Gox and its founders sent the world of cryptocurrencies, Bitcoin included, spiraling into a storm that drew in the Government of Japan, the U.S. federal courts, creditors and customers.

Of the 850,000 lost bitcoins, worth approximately $450 million at the time of the hack, 140,000 were recovered; those are worth around $10 billion at a price of $70,000 per BTC as of the end of July 2024. The appreciation in the price of Bitcoin between the time of the hack and the days following repayment to the exchange's creditors meant that creditors and customers received 17 times more than they had initially invested.

The WazirX breach of ₹2091 crore (approximately $235 million) in USDT

On July 18, the Web3 security firm Cyvers detected suspicious transactions involving WazirX's Safe Multisig wallet on Ethereum. Cyvers disclosed that approximately $234.9 million of funds had been moved to a new, unknown address, in transactions funded through Tornado Cash, a protocol known for private transactions. This made tracing the stolen cryptocurrencies extremely difficult once they left WazirX's devices, which were probably hot wallets.

Which cryptocurrencies were stolen in the WazirX hack/breach?

The stolen funds include $100 million worth of Shiba Inu, almost 50% of the total loot. The wallet also held $52 million in Ether (ETH), $11 million in Polygon, $4.7 million in Floki (FLOKI), $3.2 million in Fantom, $2.8 million in Chainlink and $2.3 million in Fetch.ai (FET). All of these cryptocurrencies have declined in price following WazirX's security breach, which sadly comes at the start of a possible bull market in Bitcoin.

Events after the WazirX breach and the involvement of Liminal (link to their official statement on the breach)

Shortly after Cyvers' detection, WazirX confirmed the breach on X, stating that one of its multi-sig wallets had experienced a security breach. It permanently halted all INR and crypto withdrawals to ensure the safety of user assets and began an investigation into the incident. A day later, WazirX filed a police complaint and reported the incident to the Financial Intelligence Unit (FIU) and to CERT-In, the Indian Computer Emergency Response Team.

Later that day, the exchange provided more details about the breach. It revealed that the affected wallet, which used Liminal's digital asset custody and wallet infrastructure, had six signatories: five from WazirX and one from Liminal. According to the exchange, a discrepancy between the data displayed on Liminal's interface and the transaction's actual contents allowed the attacker to exploit the wallet and transfer control of it to the attacker. Liminal, on the other hand, has categorically denied any fault in its own infrastructure. It asserted that its system was not compromised and attributed the breach to compromised devices within WazirX's network.

Liminal's investigation report suggested that the attackers gained control over WazirX's devices, which allowed them to manipulate transaction details and execute the heist. Liminal emphasized that its user interface and security protocols functioned correctly, but that the integrity of WazirX's devices had already been compromised.
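The defensive lesson in both accounts is the same: a signer should never approve a multisig transaction on the strength of what an interface displays, but should independently decode the raw payload and recompute the digest that the key will actually sign. The following is an added example, not code from WazirX, Liminal or Safe; the JSON payload format, the field names and the use of sha256 as the signing digest are constructed for illustration and are not the real Safe encoding.

```python
"""Independent pre-signing check for a multisig transaction (added example).
The JSON payload format, field names and sha256-as-digest are constructed
for illustration; they are not WazirX's, Liminal's or Safe's real encoding."""
import hashlib
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class DisplayedTx:
    """Fields the custody interface shows the signer before approval."""
    to: str          # destination address (hex)
    value_wei: int   # native value transferred
    data: str        # calldata (hex)
    operation: int   # 0 = CALL, 1 = DELEGATECALL (Safe convention)


def signing_digest(raw_payload: bytes) -> str:
    """Digest of the bytes the key will actually sign (sha256 stand-in)."""
    return hashlib.sha256(raw_payload).hexdigest()


def verify_before_signing(raw_payload: bytes, shown: DisplayedTx,
                          shown_digest: str) -> list[str]:
    """Return every discrepancy between the interface and the raw payload.
    Approve only when the list is empty; each entry names a mismatched field."""
    actual = json.loads(raw_payload)
    expected = {"to": shown.to.lower(), "value_wei": shown.value_wei,
                "data": shown.data.lower(), "operation": shown.operation}
    problems = []
    for field, shown_val in expected.items():
        raw_val = actual.get(field)
        if isinstance(raw_val, str):
            raw_val = raw_val.lower()
        if raw_val != shown_val:
            problems.append(f"{field}: shown {shown_val!r}, payload has {raw_val!r}")
    # Recompute the digest from the raw bytes instead of trusting the displayed one.
    if signing_digest(raw_payload) != shown_digest.lower():
        problems.append("digest: displayed digest does not match the raw payload")
    return problems


# Constructed sample: the interface shows a routine CALL to a treasury address.
SHOWN = DisplayedTx(to="0xaaaa000000000000000000000000000000000001",
                    value_wei=0, data="0xa9059cbb", operation=0)
HONEST = json.dumps({"to": SHOWN.to, "value_wei": 0, "data": SHOWN.data,
                     "operation": 0}, sort_keys=True).encode()
# Constructed tampered payload: identical display, different real target and operation.
TAMPERED = json.dumps({"to": "0xbbbb000000000000000000000000000000000002",
                       "value_wei": 0, "data": SHOWN.data, "operation": 1},
                      sort_keys=True).encode()
```

Run against HONEST the check returns an empty list; against TAMPERED it reports the changed target, the changed operation and the digest mismatch, so a signer on a clean device would refuse even if their own screen looked normal.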

Why was WazirX not insured against cyber threats to protect its customers?

With capital of ₹4000 crore in cryptocurrencies held on the exchange, half of it (approximately ₹2000 crore) in cold wallets, based only on the 1:1 collateral it must hold to allow trading, why did WazirX not fully insure its holdings against cyber threats? With collateral insurance, bank insurance and even on-chain insurance against cyber theft available to any large exchange, why did it not insure its customers against a breach? The answer is simple: WazirX did not foresee or expect any threat to the security of the exchange, and as a result its customers cannot withdraw their funds today.

The possibility of an inside job

Is it possible that the WazirX breach was an inside job, enabled by leaked security details stolen by a former employee or partner who had key insight into how the exchange manages its security? Or is it possible that WazirX itself was involved in the hack, as a way to exit the market by blaming others for internal speculative losses that it has not yet made public? This seems plausible after what happened with Mt.Gox. CYFIRMA, a leading external threat landscape management company based in Singapore, identified the North Korean Lazarus Group as the culprit behind this breach; however, the group has yet to move a significant amount of the funds, has not claimed responsibility, and has not been specifically identified by a government investigating body.

What does this mean for WazirX account holders?

WazirX account holders, creditors and third parties who invested their money through INR, USDT, Ethereum and Bitcoin deposits are heartbroken, famished and deserve all the sympathy they can get. WazirX initially decided to pass 50% of the loss on to its customers, as if the customers were shareholders with equity in the company. After huge backlash from the community and from financial authorities in India, including the Financial Intelligence Unit, SEBI and the Reserve Bank of India.

  • One possible outcome of this hack is a Mt.Gox-style repayment, where WazirX withholds full withdrawals for years to come while continuing to operate and recovering the losses through capital gains in the cryptocurrency market. However, this is far-fetched, as Bitcoin markets have never been more volatile. Alternatively, the government might intervene with a full investigation followed by bankruptcy proceedings against the exchange to recover the collateral, liquidate WazirX's holdings at market rate with the assistance of a partner exchange, and disburse the proceeds among the customers in rupees (INR) according to their original holdings with the exchange.
  • WazirX might instead take a loan from one or more Indian banks against its collateral and allow crypto withdrawals for its customers and creditors. This seems a more feasible solution than bankruptcy proceedings, which would be chaotic and drawn out. WazirX might also seek assistance from its former benefactor Binance, which had invested heavily in the exchange until the fallout between the two that resulted in Binance withdrawing its operations from India. It is unlikely Binance would assist WazirX after the two exchanges dissolved their joint venture in India.
  • There is a silver lining for Indian customers of the exchange: the cryptocurrency landscape in India is highly developed, with specific laws that ensure customers of cryptocurrency exchanges are fully protected against the failure of an exchange. This follows from the fact that WazirX acts as a financial firm selling digital financial instruments and so falls under the supervision of the Financial Intelligence Unit, CERT-In's surveillance, SEBI (the Securities and Exchange Board of India) and the Reserve Bank of India. SEBI in particular might investigate the WazirX breach after WazirX indirectly asked its customers to bear the losses of the theft, treating them, at its own risk, as shareholders in the company. There is also the possibility that the Federal Bureau of Investigation (FBI) of the U.S. will work with Indian investigating bodies to recover the stolen cryptocurrencies.

As I finish this article my deepest sympathies lie with WazirX's customers, and to remind them that there is still hope: I believe that the developments of the past decade with regard to regulation of cryptocurrency exchanges in India have been immense and that a viable solution will be available to the customers of WazirX, with a high possibility that their funds will be fully recoverable in the coming days. But whether WazirX will ever be able to recover the stolen cryptocurrencies is still a long shot.
