In the aftermath of a significant hack resulting in the theft of over $230 million from the Indian crypto exchange WazirX, founder Nischal Shetty has addressed key issues regarding the recovery of stolen funds and the reinstatement of withdrawals. The hack, which took place on July 18, targeted a third-party custody provider, Liminal, affecting WazirX customers' digital assets but not their INR funds.
Fund Recovery and Withdrawal Updates
In a series of posts on the X platform, Shetty provided reassurances and outlined the next steps the exchange is taking. He emphasized that the WazirX product platform and infrastructure remain secure despite the hack. "Some options have emerged to help with the recovery which we’re exploring," Shetty stated, adding, "Recovery options need more time, but we understand you want us to open the platform soon for withdrawal/deposit/trading."
Shetty announced plans to conduct a poll to involve customers in deciding the approach to reopening the platform. "We will run a poll to help our customers decide the approach to opening up the platform. The team is working on building the poll flow so everyone can participate," he said.
He assured users that INR funds were unaffected by the cyber attack, clarifying that the breach occurred during the flow of their custody provider, Liminal. "WazirX product platform and infrastructure were not breached," he reiterated.
Proactive Measures and Bounty Programs
In response to the hack, the WazirX team has been proactive in efforts to recover the stolen funds. They have received 133 entries for their Bounty Program, which is under review. "A $23 million bounty is available for solutions that effectively lead to a resolution," the team revealed.
WazirX has launched two bounty programs for on-chain investigators:
Track and Freeze Bounty: Offers up to $10,000 in Tether (USDT) for actionable intelligence leading to the freezing of stolen funds.
White Hat Recovery Bounty: Rewards ethical hackers with up to 10% of the amount they help recover.
Recent Developments
Recent updates show that the hacker has transferred $57 million worth of stolen funds to two new cryptocurrency addresses. Blockchain security firm PeckShield reported that 16,350 Ether (ETH), valued at over $57 million, was moved to new wallets, with the majority sent to the address "0x58d."
The hack targeted WazirX’s multi-signature wallet used for storing ETH and ERC-20 tokens, which involved six signatories: five from WazirX and one from Liminal. "Three signatures of WazirX from three different devices, each using different hardware wallets, were used. All three devices were at different locations, and the links were bookmarked," the WazirX team explained.
Ongoing Investigation and Collaboration
As the investigation continues, WazirX has engaged an external forensic team to conduct a thorough audit. "This will confirm whether any or all of the 3 WazirX devices were compromised," the team stated.
WazirX is actively collaborating with over 500 crypto exchanges to recover the stolen funds. They have also sought assistance from India’s Financial Intelligence Unit (FIU) to track the lost funds. However, concerns remain as the exploiter has converted the majority of the funds into Ethereum and has been active on Tornado Cash, raising fears of ETH funds laundering.
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“
