After the $230 million crypto-heist, WazirX, one of India’s largest cryptocurrency exchanges, has ‘temporarily’ halted all trading activities on its platform. It’s a little too late, but the company has also launched a three-month bounty program to partially or fully recover the stolen assets.
The Mumbai-based exchange announced the suspension via a tweet on Sunday evening, citing the breach’s significant impact on its operational stability. The attack has significantly impaired WazirX’s ability to maintain its 1:1 collateral ratio with its assets, raising concerns about its reserves’ sufficiency and ability to reimburse affected customers fully.
Earlier, WazirX had already restricted customer withdrawals following the breach. The cyber attack targeted one of the exchange’s multi-signature wallets, which held substantial crypto assets.
This wallet, intended to bolster security through its six signatories (five of whom were part of the WazirX team), was compromised. According to the crypto exchange, the breach occurred due to discrepancies between the data displayed on Liminal’s interface and the actual transaction contents.
WazirX has also introduced a bounty program offering up to $23 million for information leading to the recovery of stolen assets.
“WazirX invites white hat hackers, blockchain forensics experts, and cybersecurity professionals from around the world to join this critical mission. This collaborative effort presents a unique opportunity to showcase skills on a global stage while contributing to the security and integrity of the crypto ecosystem,” said the company. “The bounty program will be active for three months from the date of this announcement, with the possibility of an extension or reduction of the timeframe depending on recovery progress.”
Cybersecurity researchers have indicated that the attacker may have links to North Korea, adding an international dimension to the breach. This revelation has intensified scrutiny of WazirX, especially given the significant financial impact. The loss of $230 million is substantial, considering the exchange reported holdings of approximately $500 million in its June proof-of-reserves disclosure.
The breach has also prompted concerns among other Indian cryptocurrency platforms. CoinSwitch and CoinDCX, which collaborate with WazirX for some services, have assured their users that they have not been affected by the attack. Moreover, the lack of cybersecurity measures in such companies that hold user assets in the millions is callous and demands better security and privacy standards overall in the Indian tech ecosystem.
In the News: CrowdStrike fixes faulty logic error-causing Channel File 291
