WazirX, one of India’s largest cryptocurrency exchanges, fell victim to a significant cyberattack that resulted in the theft of over $230 million in digital assets. This incident has highlighted serious concerns about the security of cryptocurrency exchanges and the safety of user funds. In this article, we delve into the details of the hack, WazirX’s recovery plan, and the implications for its users.
Incident Overview
The cyberattack targeted a multi-signature wallet used by WazirX, compromising the security of the funds stored within it. The attackers managed to gain unauthorized access to three out of five signatures required to authorize transactions, allowing them to siphon off a substantial amount of cryptocurrency, including Ethereum and various ERC-20 tokens. The total loss represented approximately 46% of WazirX’s reported reserves, which were around $503 million at the time of the attack.
Attack Details
- Methodology: The attackers employed sophisticated techniques to execute the breach, including “chain hopping” and fragmenting large sums into smaller transactions to obfuscate their movements. This suggests a high level of planning and expertise, potentially linked to state-sponsored hacking groups such as North Korea’s Lazarus Group.
- Immediate Response: Following the attack, WazirX took swift action by suspending all trading, deposits, and withdrawals to prevent further losses. They filed complaints with cybercrime authorities and initiated investigations to track the stolen funds.
Recovery Plan
In light of the massive losses incurred, WazirX has outlined a recovery plan aimed at addressing the impact on users and restoring confidence in the platform. The key components of this plan include:
1. Socialized Loss Strategy
WazirX has proposed a controversial “socialized loss strategy,” which aims to distribute the financial impact of the hack equitably among all users. This approach means that the $230 million loss will not be borne solely by those directly affected but will instead be shared across the entire user base. This strategy is designed to preserve the exchange’s stability and prevent a complete collapse of user trust.
2. User Options for Recovery
Action Required: Users need to participate in a poll to select their preferred option for handling their crypto assets following the cyberattack. The deadline for responses is 03 August 2024, 07:00 AM IST.
Poll Details: The poll is not legally binding but will influence future decisions based on results, investigations, platform liquidity, and evolving circumstances.
Portfolio Adjustments:
- For Non-Stolen Tokens: 55% of each token’s value will be unlocked, while 45% will be converted to USDT-equivalent tokens.
- For Stolen Tokens: If the entire portfolio consists of stolen tokens, a balanced crypto basket will replace 55% of the value with available assets on the platform.
Mixed Portfolio Handling: Users with a mix of stolen and non-stolen tokens will have 55% of the total value unlocked. Stolen tokens within this portion will be replaced with equivalent value tokens.
BTC and Non-ERC20 Tokens: The plan applies to all crypto holdings, including BTC, regardless of the token type.
INR Holdings: Users with only INR will not be affected by the crypto adjustments.
Recovery Efforts: Locked tokens may be unlocked based on recovery efforts, including tracing stolen assets and exploring compensation methods.
Rationale for 45% Locking: The approach aims to distribute assets fairly and maximize recovery while keeping the exchange operational.
3. Bounty Program
To incentivize the recovery of the stolen assets, WazirX has launched a bounty program offering rewards for actionable intelligence that leads to the freezing and recovery of the stolen funds. The exchange is offering a total of up to $23 million in bounties, aiming to engage the broader crypto community in the recovery efforts.
4. Ongoing Investigations and Collaborations
WazirX is actively collaborating with law enforcement agencies, cybersecurity experts, and other cryptocurrency exchanges to track the stolen assets. They have reached out to over 500 exchanges to block the identified wallet addresses and are working to analyze forensic data to understand the full impact of the breach.
Implications for Users
The WazirX hack has significant implications for its user base, particularly regarding trust and security in the cryptocurrency space. Users are advised to remain vigilant against potential scams, including phishing attempts and fraudulent websites mimicking WazirX. The exchange has urged users to rely only on official communications and to report any suspicious activities.
Users should also be aware of the implications of the 55/45 unlocking and locking approach proposed by WazirX. If a user’s portfolio consists entirely of affected tokens, 55% of their unlocked crypto assets will be replaced with other token(s) of equivalent value, while the remaining 45% will be locked and converted to USDT-equivalent tokens. For portfolios with a mix of stolen and non-stolen tokens, the unlocked portion will be proportionally allocated to the available tokens, with any stolen tokens replaced by a balanced crypto basket.
It is important to note that the 55/45 approach applies to all crypto holdings, regardless of the token type, including BTC. However, INR funds will not be affected, and withdrawals will be enabled, subject to withdrawal limits.