It’s been three months since Indian cryptocurrency exchange WazirX was hacked for $230 million, resulting in the loss of more than 40% of its entire customer holdings.
This has been a big shock and loss to India’s crypto industry, which, according to blockchain analytics firm Chainalysis’s ‘2024 Global Crypto Adoption Index‘, ranks first in overall crypto adoption out of 151 nations. This marks the second consecutive year that the world’s most populated country has claimed the top spot.
The inflows from the Central and Southern Asia and Oceania (CSAO) region, under which India falls, have been reported to be $570 billion between July 2023 and June 2024. CSAO records high levels of activity on local crypto exchanges, in DeFi, and with merchant services, as per the report.
India’s crypto sector, however, remains largely unregulated. Still, a 30% tax is levied on capital gains from crypto activities, in addition to a 1% tax deducted at source (TDS) on every transaction. Firms dealing with crypto, meanwhile, are required to obtain a license from the National Financial Intelligence Unit (FIU).
Despite these regulations, crypto-related fraud and hacking incidents continue to surge in India. For instance, investors have been expressing frustration on X over FIU-registered exchanges like Bitbns, which have restricted withdrawals, sparking fears about the safety of customer funds. Meanwhile, WazirX, another FIU-registered exchange, lost users’ funds in a hack during the bull market.
Once among the leading crypto exchanges in India, WazirX is now reeling from the consequences of a massive cyberattack that took place on July 18.
So, what exactly has been going on all this time? What progress, if any, has WazirX made these past three months? Let’s see!
A Recap: All That Happened in Last 3 Months
To recap, a multi-sig wallet belonging to WazirX was hacked. This wallet was managed using the services of Liminal, a digital asset custody company.
On the day of the hack, WazirX claimed that the attack resulted from a “discrepancy” between the actual transaction contents and what the Liminal’s interface displayed. The exchange subsequently ended its relationship with Limininal and transferred funds into new multisig wallets.
WazirX then employed Mandiant Solutions, a subsidiary of Google, to conduct a forensic analysis of its laptops used for signing the transactions. The investigation found no evidence that WazirX devices and systems were compromised during the hack. Meanwhile, Liminal brought in auditing giant Grant Thornton to perform its own analysis, which cleared the custody provider of any wrongdoing.
While both companies blamed each other for the security failures in an attempt to escape liability, users were left distraught, having lost their fortunes.
The stolen amount was $230 million, which, as per the holdings reported by WazirX in early June at 503.64 million USDT, accounted for 45.6% of its total assets. The stolen assets included Ethereum (ETH), Tether (USDT), Pepe (PEPE), and Gala Games (GALA).
State-backed actors like the North Korean Lazarus Group, notorious for laundering stolen assets across jurisdictions, are suspected of being involved in the WazirX breach.
The hacker has already finished laundering all the stolen funds. Data from Arkham show the funds first started moving in August, with hackers stepping up the activity last month.
To launder the lost funds, the hacker used the crypto mixer Tornado Cash, which obscures the origin of funds. The privacy service has been commonly used by criminals to move stolen funds while keeping their online trail clean. The developer of Tornado Cash, Alexey Pertsev, has actually been sentenced to five years and four months in prison after a Dutch judge found him guilty of money laundering.
Coming back to WazirX, right after the hack, the exchange paused all crypto and fiat, i.e., Indian Rupee (INR) withdrawals, leaving users stranded. Since then, WazirX has announced phased and limited withdrawal of INR, noting eligible users can “withdraw up to the full 66% limit of their INR balances.”
While partial INR withdrawals have been resumed, crypto withdrawals remain suspended as WazirX works on consolidating wallet balances and restoring user access. At a virtual press conference, the firm’s advisors shared that WazirX may only be able to return 55-57 percent of the capital.
When it comes to asset recovery, the exchange initially proposed a “Socialized Loss Strategy,” under which losers can get just over half of their holdings while locking up the remaining assets. The exchange received a lot of heat from its users and competitors for the proposed plan, which was made towards the end of July, the month in which WazirX got hacked.
Since then, WazirX has been slow to provide updates on the recovery plans, the exchange’s live proof-of-reserves, and the identity of the unknown perpetrators.
Legal disputes with competitor CoinSwitch over $9.7 million in locked funds have also complicated the process. CoinSwitch has sued WazirX to recover the stuck funds, which, as per the exchange, amounts to about 2% of all of its funds.
“From the day of the incident, we have tried to be in constant touch with the WazirX team, seeking recovery of the funds that are stuck on their exchange. However, our efforts have not come to fruition, leaving us with no choice but to pursue legal action to recover the funds.”
– wrote CoinSwitch in a post made on August 28
The trading platform claimed to be utilizing its own treasury to ensure user’s crypto holdings are fully backed.
The Recovery: Pursuing Debt Restructuring Process
After much waiting, the exchange announced its asset recovery plans, which it would pursue as a ‘Singapore Scheme of Arrangement.’ This means that WazirX leadership will put forward a debt restructuring proposal, which users will vote on approval before it is sanctioned by the court.
While a big step forward, no clear timeline has been given, which has confused the WazirX users and made them angry. As per a WazirX blog post, it envisions “at least 6 months to consider the terms of the restructuring plan and work with the relevant stakeholders.”
Users have also been perplexed by WazirX’s decision to take the matter to a foreign court. In response to that, late in September, the exchange posted a video on X (previously Twitter) where it explained that it operates through two entities: Zettai, which is registered in Singapore, and Zanmai, which is an Indian entity and handles INR-to-crypto operations.
Because the hack took place on Zettai, which handles the crypto and tokens, the exchange filed the case in Singapore.
It further explained that in Nov. 2019, Zettai transferred its crypto wallets and tokens to Binance, the world’s leading cryptocurrency exchange. This step followed an acquisition that transferred ownership and control of the platform to Binance, claims the video posted by WazirX. However, in 2022, Binance publicly distanced itself from WazirX, resulting in a dispute between Zettai and Binance, which led to the funds being transferred back to Zettai.
Because Zanmai wasn’t affected by the breach, the firm has sufficient funds to cover all INR user balances. Despite that, the exchange has previously stated that “not all of these balances are currently available for withdrawal,” adding that about 34% of them were frozen and therefore not available for withdrawal.
The firm’s ongoing involvement in disputes and probes by authorities has been cited as a reason for the frozen funds. WazirX, however, maintains that Zanmai is not a target of these investigations and claims that INR balances were secure, though it’s unclear when they will be fully released.
In late August, WazirX applied for restructuring at a Singapore court, seeking a moratorium—a temporary relief from legal proceedings—while it restructures its business.
The Judge said WazirX acted in “good faith” by stepping up and seeking a moratorium, which, according to its co-founder Nischal Shetty, will give the firm “the fastest, fairest, creditor-approved, legally binding path to resolution where creditors have a token choice and potential upside in a bull run.”
Three weeks ago, the Singapore court granted a four-month long moratorium to the exchange, as opposed to the six-month moratorium it asked for.
This action, according to WazirX, paves the way for the quickest resolution to restore crypto balances, “ensuring a fair and timely outcome for all stakeholders.”
The moratorium also came with conditions. This includes making wallet addresses public through a court affidavit, releasing financial information, responding to user queries raised in the courtroom, and ensuring future voting for court applications is scrutinized by independent parties.
So, WazirX has been hosting Town Halls to discuss the proposed restructuring and moratorium application with its users.
“We are thankful for the court’s decision, which allows us to focus on our path to resolution, recovery, and restructuring.”
– WazirX Co-founder Shetty said at the time
The Latest: Listing 240,000 Wallets & Balances
Now, this month, the exchange has been busy with forming a Committee of Creditors (COC) that will represent the interests of the creditors in Zettai’s proposed restructuring. The 10-member panel will consist of users affected by the hack and will attend meetings, provide feedback, monitor progress, and facilitate communication between creditors and the company.
WazirX restructuring is currently being managed by the advisory firm Kroll while employing the services of web security firm zeroShadow to trace the stolen assets.
The latest update from Wazir came this week on October 17, in which it announced the disclosure of over 240,000 wallet addresses pursuant to the debt restructuring process.
“At WazirX, we’ve always believed that transparency is key to building and maintaining trust with our users.”
– The exchange wrote on X on Wednesday
In its official statement, WazirX pointed to the affidavit that will be filed with the Singapore High Court and provided to creditors, featuring the details of about 240,000 wallets with balances.
In anticipation of users questioning the sheer number of wallets it maintained, the exchange clarified that this is standard practice for a platform serving around 4.3 million users. Managing such a large user base numbers requires a complex network of wallet addresses across various to offer users a smooth experience, it noted.
WazirX further shared that most of the wallets have already been consolidated, leaving about 240,000 wallets with token balances. The exchange, however, is still in the process of consolidating token balances from the remaining addresses, a process that it says takes a lot of time and involves network fees, which also go up if the process is rushed.
“Our priority is to manage this process efficiently without inflating costs, ensuring your funds remain secure and your recoveries optimized.”
– WazirX
Now, in the next steps, the exchange will introduce Proof of Reserves (POR) to further enhance trust and security in how exactly it manages customer assets. This step involves the comprehensive consolidation of token assets with third-party custodians and service providers.
While the exchange has been moving ahead with its restructuring, it has already run into problems, having sent out inaccurate emails to thousands of users. The confirmation email was intended only for those who supported the moratorium of the company via an informal survey, but WazirX ended up sending it to those users who did not support the temporary relief from legal proceedings.
“It had come to Zettai’s attention that an email intended only for users who had previously indicated their support for the moratorium was mistakenly sent to approximately 9,000 additional platform users who had not indicated support.”
– The company disclosed in a transcript
This caused confusion among users, with the company acknowledging that this may have “impacted users” trust in the polling process.
WazirX has circulated a user poll to measure potential interest if its users supported its moratorium application. The survey initially only had one option, which was to positively confirm support for the legal procedure, but in the court’s direction, the exchange updated the poll with multiple options to also include opposition and no position on the application.
The Path Forward Amid Legal and Financial Challenges
Under its planned restructuring, WazirX hopes to return about half of its customer assets and spread the hack’s impact across users so that they can receive a “proportionate” share of available crypto assets.
While all this is going on, the exchange has also been in talks with multiple players in the industry, seeking a “white knight” to help with financing.
“Can you sell something that you claim not to own? Can someone invest in or buy a company whose ownership is disputed and being investigated by the ED for FEMA violations? Despite the lucrative data of 16 Mn users, nobody would want to poke their nose into this.”
– A local media reported a founder of another crypto exchange as saying
Besides collaborations with white knights, the platform has been working on improving user fund recovery through profit sharing from reopening exchanges as well as new revenue-generating initiatives.
Amidst this, WazirX is facing legal action from disgruntled users. On October 18, the Delhi High Court heard a petition from a WazirX investor who’s seeking action against the exchange for merging funds of both affected and unaffected users to compensate for losses, which the petitioner said adversely affects investors whose funds hadn’t been compromised.
While the petitioner had reached out to the relevant authority, no action was taken, with the petitioner alleging that he had been verbally informed that the matter would not be pursued due to the involvement of ‘officers in the government.’
The court has now directed the police to investigate and provide a report, mentioning that any legal proceedings against the exchange would be a civil matter. It further concluded that the grievances should be pursued in a civil court rather than through a petition.
Amidst all this, the exchange founders have been meeting with government officials to provide all necessary information on the hack and theft of crypto assets.
The officials included representatives from:
- The FIU, under the Finance Ministry, which deals with suspected financial transactions
- The Intelligence Bureau (IB), which reviews security and counterintelligence under the Finance Ministry
- Indian Computer Emergency Response Team (CERT-In), which handles cybersecurity threats
Overall, the WazirX hack shook the Indian crypto sector hard. The incident not only highlights the vulnerabilities of exchanges in the face of cyberattacks but also exposes the state of the digital assets industry in India, which leads in crypto adoption but lags severely when it comes to regulatory clarity and customer protection.
As the exchange struggles to recover from the financial and reputational damage, its restructuring efforts offer a glimpse of hope for its users. However, it’s just that—a hope right now. With WazirX facing legal disputes, user dissatisfaction, and uncertainty surrounding ownership, the road to recovery is anything but smooth.
The next few months will be critical in determining whether WazirX can rebuild trust and restore its position in India’s fast-growing crypto market or whether it will end up being yet another cautionary tale in the industry.
Click here for a list of best non-custodial wallets.
