WazirX dangles $23 mn bounty for help reclaiming swiped crypto; people ask 'Where's our money?'
On Sunday, the company announced a bounty program for help recovering the stolen funds offering rewards of up to $10,000 worth of USDT for successful intelligence that facilitates freezing of the stolen amount. Here's what went on.
The cyberattack on WazirX--a major cryptocurrency exchange in India with an estimated 16 million users--is among the biggest security breaches the world may have seen. Hackers reportedly managed to steal more than $230 million from WazirX's multisig Ethereum Wallet. The amount, unfortunately, was also nearly half of the cryptocurrency platform's reserves.
Calling it a "force majeure event beyond our control" WazirX said in a statement: "We have already blocked a few deposits and reached out to concerned wallets for recovery. We are in touch with the best resources to help us in this endeavor. While these are our findings from our preliminary investigation, we will keep you posted with further updates. Together with your support, we shall overcome this challenge and emerge stronger and more resilient than ever."
On Sunday, the company launched a bounty program for help recovering the stolen funds offering rewards of up to $10,000 worth of USDT for successful intelligence that facilitates the freezing of the stolen amount. Here's what went on.
Also read: How hackers leaked 1.2TB of Walt Disney's internal data through Slack channels
A brief timeline
- July 18, 2024
- Cyberattack on one of WazirX's multisig wallets
- Digital assets amounting to more than $230 million lost
- Chain of transfers tracked
- Multiple exchanges contacted to recover stolen assets
July 19, 2024
- Company launches global outreach program; reaches out to 500 exchanges to block wallet addresses
- Law enforcement agencies and forensic experts engaged
- Rupee and crypto deposits and withdrawals put on hold
July 20, 2024
- Global outreach efforts enter day three
- Users asked to not trade on WazirX for now
July 21, 2024
- Bounty program to help recover stolen assets launched
- Rewards up to $10,000 worth of USDT for actionable intelligence that can help recover stolen funds
- Trading on platform suspended
What caused the security breach?
Also read: Indian employee fired by Singapore company hacks and deletes servers, causing Rs 5.66 crore loss
Going by preliminary findings, WazirX stated that the cyberattack may have been the result of a discrepancy in data on Liminal's--a digital asset custody and wallet infrastructure provider--interface and what users signed.
"We suspect the payload was replaced to transfer wallet control to an attacker," the company said.
The company wrote on its website: "On July 18, 2024, WazirX experienced a cyber attack on one of our multisig (Multi-Signature) wallets, resulting in the theft of digital assets exceeding $230 million. This wallet was managed using Liminal¡¯s digital asset custody and wallet infrastructure. As a result of the attack, our ability to maintain 1:1 collaterals with assets has been deeply impacted."
Meanwhile, Liminal Custody denied a breach ever took place on its platform. "Our preliminary investigations show that one of the self-custody multisig smart contract wallets created outside of the Liminal ecosystem has been compromised," it said in a statement. "We can confirm that Liminal¡¯s platform is not breached and Liminal¡¯s infrastructure, wallets and assets continue to remain safe."
WazirX is presently studying forensic data and liaising with experts to develop recovery strategies. "We understand the anxiety and concern this situation may cause, and we deeply appreciate your patience and understanding. We are committed to resolving this matter and will keep you updated with any significant developments," it told users.
Here's how the internet reacted
#1
Found WazirX¡¯s multisig wallet¡¯s security: pic.twitter.com/AceRLMDW47
¡ª IshitaPandey.eth (@IshitaaPandey) July 19, 2024
#2
Today 27% lose in my wazirx account?????#wazirx pic.twitter.com/XrrCGVvLde
¡ª Noufal Like XEN (@Noufalp80324897) July 18, 2024
#3
The irony with Indian ?? exchanges is that hackers can withdraw funds from the exchange, but legitimate exchange users cannot withdraw their own tokens or hold in self custody. WTH. @CoinDCX @WazirXIndia @WazirXCares @CoinSwitch #BTC #WazirXhacked #Wazirx @cryptoamanclub pic.twitter.com/PwFGNBN8cG
¡ª Chandrashekhar B (@shekharbhujbal8) July 19, 2024
#4
Meanwhile, the Indian Govt.#Wazirx #cryptotax pic.twitter.com/Fuk26rU6nH
¡ª Kanik Rajput | Kanik.eth (@kaniik) July 18, 2024
Also read: 'Mummy Ko Pata Chalega To...': Man Spills Milk In Kitchen, Turns To Reddit For Emotional Support
What do you think of this? Hit us up in the comments section and let us know.
There's a whole lot more on Indiatimes Trending. You can also follow us on Telegram.