Cryptocurrency exchange WazirX hacked for $234.9 million, causing exchange rates to collapse

Indian cryptocurrency exchange WazirX has fallen victim to cybercriminals who managed to steal assets valued at $234.9 million. The main questions now are whether the exchange will close and whether people will lose their crypto.

The fact of the hack was confirmed by the exchange representatives themselves on the social network X (formerly Twitter):

"We are aware of a hack of one of our multisig wallets and are currently investigating this cyber incident. We have temporarily suspended INR and crypto withdrawals to ensure the safety of your assets. We will keep you updated on further developments."

Blockchain specialist Elliptic believes that a North Korean group is behind the attack. However, analysts have not provided any clear evidence.

Interestingly, the attackers began to actively sell the stolen tokens on the market. Statistics show the sale of 640.3 billion PEPE tokens.

The stolen funds account for more than 45% of WazirX's total assets - $500 million. According to Lookonchain, the affected assets include:
  • 5.43 trillion $SHIB ($102 million);
  • 15,298 $ETH ($52.5 million);
  • 20.5 million $MATIC ($11.24 million);
  • 640.27 billion $PEPE ($7.6 million);
  • 5.79 million $USDT;
  • 135 million $GALA ($3.5 million).

Solar Group of Companies has launched the SOC Maturity Assessment service to help large businesses and government agencies. Diagnostics are carried out using a proprietary methodology, taking into account the customer's goals and the specifics of their information security monitoring center.

The new service analyzes the state of the internal SOC and makes recommendations for improving efficiency and further development. The entire process takes from one to two months; the new product is already being tested in pilot mode by retailers and credit and financial institutions.

To conduct the custom assessment, the information security company formed a team of specialists with extensive experience in operating Solar JSOC and building/modernizing similar units in large companies of various profiles.

"We have created a tool that will help companies and government agencies assess the current state of the SOC and identify gaps that could negatively affect the quality of its work in the future," said Yaroslav Napalkov, head of the methodology and consulting department at Solar JSOC. "When conducting regular assessments, the service will also allow monitoring the development of the center dynamically."

The SOC maturity level assessment is carried out in three areas:
  1. Functions (IS monitoring, incident response and investigation, system support of technical equipment, external communications, SOC development).
  2. Technologies (state and practical application of technical means).
  3. Personnel (staffing and competencies).

Upon completion of the analysis, the customer receives two reports: a short one (for management) and a detailed one. Both contain a certificate of maturity (general assessment) with marks in three disciplines, as well as recommendations for further development of the SOC.

Source
 
$230 million into the pipeline: North Korean trail in theft of funds from WazirX

Even a wallet with six signatures could not resist the onslaught of cybercriminals.

Indian cryptocurrency exchange WazirX lost more than $230 million worth of virtual assets in a North Korea-related cyberattack. The attack targeted one of the company's multi-signature wallets, which requires multiple keys to authorize transactions at once.

The hacked wallet was signed by six people: five from WazirX and one from Liminal. Most transactions on the platform require the approval of three WazirX signers and one Liminal signer. As a result of the attack, attackers were able to bypass the security system by taking advantage of the discrepancy between the Liminal interface and the actual transaction data.

After detecting the attack, WazirX suspended all cryptocurrency withdrawals and blocked several deposits. The company also contacted the owners of the affected wallets to help them recover their funds. Representatives of the exchange called the incident "force majeure", emphasizing that all necessary measures to protect customer assets have already been taken.

Blockchain analysts reported that traces of the stolen assets have already been found, and the thieves are looking for buyers. Elliptic, a UK-based financial compliance blockchain analytics firm, has indicated that the thieves have begun exchanging stolen tokens for the cryptocurrency Ether through various decentralized services. According to Elliptic, the criminals are linked to North Korea, which uses cryptocurrency to circumvent international sanctions and finance its nuclear program.

WazirX, one of the largest cryptocurrency exchanges in India with 16 million users, was acquired by Binance in 2019. However, the deal has sparked numerous controversies, with Binance founder Changpeng Zhao claiming that the deal was never finalized, while WazirX co-founder Nishal Shetty insists otherwise.

The connection with Binance brought WazirX additional difficulties. So, in December 2023, Binance was suspended in India for violating anti-money laundering rules. The platform only resumed operations last month after paying a $2.25 million fine.

WazirX also faced problems with Indian regulators: in August 2022, the company had funds worth $8.1 million frozen as part of a money laundering investigation.

Bills to ban or restrict cryptocurrencies are periodically discussed in India, but a final decision has not yet been made by mid-2024. According to Joanna Cheng of Fireblocks, the lack of clear regulation in the cryptocurrency industry in India creates uncertainty and risks for both companies and ordinary users.

Source
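
An added example, not part of the original post and not WazirX or Liminal code: it shows why the 3 + 1 signer quorum described above gives no protection when every signer approves what the interface displays instead of the bytes being signed. The post does not say what the transactions contained, so the payload is assumed to be plain ERC-20 `transfer` calldata; all signer labels, addresses and function names are constructed for illustration.

```python
from dataclasses import dataclass

# Selector of the standard ERC-20 transfer(address,uint256) function.
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")

# Constructed signer labels mirroring the policy in the post:
# five exchange signers, one custodian signer, quorum = 3 + 1.
EXCHANGE_SIGNERS = {f"wazirx-{i}" for i in range(1, 6)}
CUSTODIAN_SIGNERS = {"liminal-1"}


@dataclass(frozen=True)
class Intent:
    """What a transaction does: the view a signer is shown, or the decoded truth."""
    token: str      # contract the transaction is sent to
    recipient: str  # address that receives the tokens
    amount: int     # amount in the token's smallest unit


def encode_transfer(recipient: str, amount: int) -> bytes:
    """Build transfer() calldata (used here only to construct sample payloads)."""
    return (TRANSFER_SELECTOR + bytes(12) + bytes.fromhex(recipient[2:])
            + amount.to_bytes(32, "big"))


def decode_payload(to: str, data: bytes) -> Intent:
    """Decode the raw bytes that will actually be signed; reject anything else."""
    if len(data) != 68 or data[:4] != TRANSFER_SELECTOR:
        raise ValueError("payload is not a plain ERC-20 transfer")
    if any(data[4:16]):
        raise ValueError("non-zero padding in the address word")
    return Intent(to.lower(), "0x" + data[16:36].hex(),
                  int.from_bytes(data[36:68], "big"))


def safe_to_sign(displayed: Intent, to: str, data: bytes) -> bool:
    """True only if the decoded payload matches what the interface displayed."""
    try:
        return decode_payload(to, data) == displayed
    except ValueError:
        return False


def collect_approvals(displayed, to, data, signers, verify):
    """Signers who approve. With verify=False they trust the display alone."""
    return {s for s in signers if not verify or safe_to_sign(displayed, to, data)}


def quorum_met(approvals) -> bool:
    """Policy from the post: three exchange signers plus one custodian signer."""
    return (len(approvals & EXCHANGE_SIGNERS) >= 3
            and len(approvals & CUSTODIAN_SIGNERS) >= 1)


# Constructed sample values (not real addresses).
TOKEN, TREASURY, OTHER = "0x" + "aa" * 20, "0x" + "11" * 20, "0x" + "ee" * 20
SHOWN = Intent(TOKEN, TREASURY, 1_000)
TAMPERED = encode_transfer(OTHER, 1_000)      # payload differs from the display
SIGNERS = ["wazirx-1", "wazirx-2", "wazirx-3", "liminal-1"]

if __name__ == "__main__":
    blind = collect_approvals(SHOWN, TOKEN, TAMPERED, SIGNERS, verify=False)
    checked = collect_approvals(SHOWN, TOKEN, TAMPERED, SIGNERS, verify=True)
    print("display-only signers reach quorum:", quorum_met(blind))
    print("payload-checking signers reach quorum:", quorum_met(checked))
```

The decoder fails closed: any payload that is not exactly the expected call shape is refused rather than shown to the signer in a best-effort form.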
 
WazirX announced a reward for helping you get a refund

After the $234.9 million hack, the Indian crypto exchange WazirX filed a complaint with law enforcement agencies and began preparations to restore customer assets.

Update: In response to the cyber attack, we have filed a police complaint and are pursuing additional legal actions. We will keep the community updated as we proceed.

» Immediate Actions: We have reported the incident to the Financial Intelligence Unit (FIU) and CERT-In.…
— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 19, 2024

"We reported the incident to the Indian Financial Intelligence Unit and CERT-In. We have reached out to more than 500 exchanges to block the identified addresses. Many platforms cooperate, and we are actively working with them to find additional resources to restore [funds]," the publication says.

WazirX co-founder Nishal Shetty wrote a separate post in which he reported on the preparation of the reward program. The initiative is designed to help "freeze or recover" stolen assets.

WazirX Team is actively working on next steps.

1. We’re preparing a bounty program to help us freeze/recover the stolen assets
2. Further discussions on continuous tracing of fund movements, we’re in touch with a few teams that claim to be experts at this.
3. We’ve informed all…
— Nischal (Shardeum) (@NischalShetty) July 20, 2024

The exchange's team is also in talks with several expert groups that specialize in tracking cryptocurrency transactions, Shetty added.

"We have informed other trading platforms. Someone answered, someone else did not. Keep an eye on it. Their support in recovery will be crucial as the stolen funds are moved," he noted.

The team is currently analyzing the data to understand the extent of the damage. According to the co-founder of the company, this "unprecedented attack on one of the largest crypto exchanges in India negatively affected the entire Web3 ecosystem."
 
After hacking WazirX for $230 million (45% of all client funds), the exchange team proposed a "fair and transparent social loss strategy."

The initiative implies instant access to most of the assets (55%), while maintaining the possibility of further recovery for "those who prefer to wait".

"By combining losses, we ensure equity within our user base and maintain the stability of the exchange. This approach balances quick access for some with potential recovery for others, seeking to resolve the situation more effectively than traditional procedures," the platform said in a statement.

WazirX co-founder Nishal Shetty outlined, according to him, two ways of developing the exchange after the hack:

Nothing is impossible if WazirX can survive this. It will grow and if it makes profits those can be used for recovery.

But, it’s only possible if all our customers support us at this time.

Historically there have been two options that exchanges which faced such situation…
— Nischal (Shardeum) (@NischalShetty) July 27, 2024

He suggested going down the path of litigation, which would take years and involve legal costs. The option of "social losses" is more profitable, as it will help "develop the business and find more new solutions," he added.

WazirX also initiated a survey in which, as reported by CoinDesk, customers were asked to vote for two options: access to 55% of funds without the possibility of withdrawal, but with priority for any potential recovery funds, or access to 55% of funds with the possibility of withdrawal, but with a lower priority for refund.

The remaining 45% will be converted to USDT and blocked.

After the negative reaction of the community, WazirX and Shetty published appeals in which they stated that the survey did not "have legal force."

"Our team is currently reviewing all the proposals to develop a plan that will truly meet the best interests of our clients. We strive to develop a plan that will take into account your collective voice and ensure a fair and effective result," the representatives of the trading platform wrote.

In the address of the exchange's CEO, he advocated the option of "social losses", since this would allow the exchange to resume work, while at the same time exploring the possibility of compensation.

Many have criticized this approach, as it punishes users for the error of the exchange itself. CoinDCX co-founder Sumit Gupta said that the first contribution to the losses should be borne by the company.

Hate to be saying this, but the way @WazirXIndia is handling this entire situation isn't community first and this IMO won't go down well for them. This sadly is also hurting the other ecosystem participants.

The first contribution to losses should ALWAYS come from the Company…
— Sumit Gupta (CoinDCX) (@smtgpt) July 29, 2024

"Forcing customers to directly absorb 45% of their losses is complete nonsense. The survey options are also formulated in such a way as to primarily protect business, not customers," he said.
 

Socialization of losses: a new plan for the WazirX crypto exchange after the theft of $230 million.


Platform clients pay for other people's mistakes from their own wallet.

Indian cryptocurrency exchange WazirX announced a plan to "socialize" $230 million in losses from a recent cyberattack. The decision caused a storm of indignation in the local cryptocurrency community.

After hackers stole almost half of the exchange's reserves in the largest cryptocurrency theft in India, WazirX suspended all trading operations. Now, the company has unveiled a strategy for resuming operations within a week, planning to introduce a "fair and transparent social distribution strategy" to distribute losses evenly among all users.

According to the new plan, WazirX will "rebalance" clients' portfolios, returning them only 55% of their assets, while the remaining 45% will be locked in tokens equivalent to USDT. Such measures will affect even those customers whose tokens were not directly affected by the hack – these users will receive back 55% of their assets.

Users are offered two options for further actions:
  • the platform allows you to trade and store crypto assets with priority for recovery, but restricts withdrawal of funds;
  • the platform allows trading and withdrawal of funds, but users will have a lower priority in recovery.

The second option allows you to trade and withdraw your assets, but recovery efforts will focus on those who chose the first option. Users can switch between options at any time before making any transactions or withdrawing funds.

WazirX confirmed that the company did not insure customer funds, as this is not possible. A representative of the exchange warned that recovery efforts may not be successful and may take years.

Experts note that WazirX actually controls the stored crypto assets of users, that is, the exchange does not just act as an exchange and depository, but actually extracts cryptocurrency from user wallets and transfers it to others. WazirX cannot claim to be just an exchange. Many WazirX users also wondered why the company doesn't use its own profit reserves to compensate customers or at least mitigate damages.

The cyberattack on WazirX resulted in the theft of more than 200 different cryptocurrencies. The attack targeted one of the company's multi-signature wallets, which requires multiple keys to authorize transactions at once. The hacked wallet was signed by 6 people: 5 from WazirX and 1 from Liminal. Most transactions on the platform require the approval of three WazirX signers and one Liminal signer. As a result of the attack, attackers were able to bypass the security system by taking advantage of the discrepancy between the Liminal interface and the actual transaction data.

Source
 
The attacker behind the hack of the Indian cryptocurrency exchange WazirX sent 2600 ETH ($6.5 million) to the Tornado Cash mixer for money laundering. PeckShield analysts drew attention to this.

#PeckShieldAlert #WazirX Exploiter -labeled address has transferred 2600.1 $ETH (worth ~$6.5M) to #Tornadocash within the last 9 hours
On July 18, India's #CEX WazirX suffered a major security breach, resulting in the theft of over $230 million in cryptos. pic.twitter.com/0QeKkleUyb
— PeckShieldAlert (@PeckShieldAlert) September 3, 2024

The director of the consulting company Kroll suggested that the clients of his business partners from the Indian crypto exchange WazirX, which lost $230 million worth of crypto assets during the hack, are unlikely to be able to return their funds in full.

According to George Gwee's estimates, affected clients of the exchange can at best expect a return of 55-57% of their total funds. Therefore, many investors will find themselves in a difficult situation, the legal adviser fears. The July hack has seriously affected WazirX's financial position, and the exchange's ability to mitigate investor losses is limited.

WazirX is preparing for a complex restructuring process, so the clients of the trading platform will have to prepare for long waits and uncertainty, Gwee noted. He explained that restructuring involves complex negotiations with creditors, customers and, possibly, regulators. The process is exacerbated by the volatility of crypto assets, the rate of which can fluctuate greatly. WazirX is negotiating to share the profits from its revenue-generating products, the director of Kroll assured.

On Tuesday, September 3, the High Court of Singapore is due to consider WazirX's application for six-month bankruptcy protection, while the exchange is restructuring its liabilities after losing $234 million (about 45% of client funds). The petition was filed last week by Zettai, a company registered in Singapore. The exchange is operated by its subsidiary Zanmai India.

WazirX also said that it is negotiating with a certain "white knight" - a friendly investor. However, his money will not be raised as equity due to the ongoing dispute with the world's largest crypto exchange, Binance.
 
43% of funds disappeared: customers of the WazirX exchange will not get their money back.
The last hope of the exchange remains on investors.

Indian crypto exchange WazirX has announced that 43% of customer funds lost in a recent cyberattack will probably not be recovered. Representatives of the company said that the exchange is undergoing a restructuring process that can take up to 6 months. In addition, the possibilities of attracting investments and cooperation with new partners to overcome the crisis are being discussed.

According to estimates, the restructuring will require about 55-57% of the exchange's current assets. In cryptocurrency terms, this could mean that through restructuring, it will be possible to return this part of the funds to users. This decision caused a storm of indignation in the local cryptocurrency community.

The focus will be on creating new revenue streams, recovering stolen assets, and speeding up withdrawals for customers who need quick access to their finances. The company noted that those users who agree to participate in the restructuring process can expect higher payouts.

A cyberattack on WazirX led to the loss of more than $230 million stored in one of the company's multisig wallets. The exchange said that the wallet was managed using Liminal's digital asset storage and wallet infrastructure.

During the preliminary investigation, it became known that the cause of the attack could be "the difference between the data displayed on the Liminal interface and the actual content of the transaction". According to the company's suspicion, the North Korean Lazarus group may be behind the attack.

When asked about possible litigation with Binance and Liminal, whose systems were allegedly compromised, WazirX representatives did not give specific answers. However, it was confirmed that negotiations are underway with a potential investor who is ready to provide financial assistance. At the same time, it was noted that capital will not be raised through the sale of a stake in the company due to the ongoing dispute with Binance.
 

$235 Million Counterfeit: One Telegram Account Brought Down WazirX Crypto Exchange.


Police caught a participant in the largest crypto robbery in India.

Indian police have detained a resident of Bengal who is suspected of hacking the WazirX crypto exchange. As a result of the hack, $235 million worth of cryptocurrency assets were stolen from the exchange's multisig wallets.

According to the indictment provided by Cointelegraph, the leak was not related to vulnerabilities within the WazirX system. Hackers gained access to the exchange using a fake account that was sold through Telegram and then used by a third party.

During the investigation, the WazirX exchange helped the investigators by providing everything they needed: equipment, customer data, and transaction logs. The Indian Cybercrime Centre (IFSO) has confirmed that the exchange's systems have not been hacked, indicating a high level of protection.

As it became known, hackers gained access to cryptocurrency wallets through deception and withdrew significant funds from there. According to the investigation, the detainee was part of a group that used fake accounts to access the platform. He also admitted that he received a large reward for selling the WazirX account through Telegram.

However, difficulties arose during the investigation: third-party companies that managed the exchange's digital assets did not immediately provide the necessary data, which slowed down the process.

Meanwhile, WazirX has come into conflict with digital asset custody partner Liminal Custody. On October 22, Liminal released a statement accusing WazirX of spreading false data. WazirX, according to Liminal, blamed the company for the leak, despite the fact that the exchange itself continued to store assets on the platform for another 75 days after the hack.

WazirX representatives, in turn, said that they have already begun the process of transferring the remaining assets to new wallets with enhanced security. Independent audits confirmed that the exchange's systems remained unscathed, despite the difficulties faced by the investigation.

After hackers stole almost half of the exchange's reserves in the largest cryptocurrency theft in India, WazirX suspended all trading operations. The company later unveiled a week-long reopening strategy, planning to introduce a "fair and transparent social sharing strategy" to evenly distribute losses among all users. The decision caused a storm of indignation in the local cryptocurrency community.

A cyberattack on WazirX led to the theft of more than 200 different cryptocurrencies. The attack was aimed at one of the company's multi-signature wallets, which requires several keys at once to authorize transactions. The hacked wallet was signed by 6 people: 5 from WazirX and 1 from Liminal. Most transactions on the platform require the approval of three signatories from WazirX and one signatory from Liminal. As a result of the attack, the attackers were able to bypass the security system by taking advantage of the discrepancy between the Liminal interface and the actual transaction data.

Source
 
A suspect has emerged in the $230 million theft case from the WazirX exchange — a drop.

Delhi police have arrested a man who is suspected of involvement in the theft of $230 million from the WazirX cryptocurrency exchange. However, apparently, this is not about the alleged criminal, but about the drop whose services he used.

The detainee, Masood Alam, is a native of the Indian state of West Bengal. His guilt boils down to the fact that he opened a fake account on behalf of a non-existent person, Sovik Mondal, and then sold it to a stranger using the nickname M Hasan in the Telegram messenger. Subsequently, it was this account that was used to hack WazirX in August 2024: first, cybercriminals emptied the exchange's hot wallets, and then tried to reach the cold ones, but they failed.

The investigation is complicated by the fact that Liminal Custody, the company responsible for the security of WazirX wallets, has effectively ignored requests from the Indian police and refuses to provide information of interest to law enforcement agencies. At the same time, an examination of the internal systems of the exchange itself did not find any evidence of unauthorized access to them. Investigators have yet to study the role of Liminal Custody in the hack, due to which WazirX lost 45 percent of its assets.
 