Key Takeaways
- WazirX has filed a police complaint and reported the incident to the Financial Intelligence Unit and CERT-In.Â
- The exchange is preparing a bounty program to help them freeze/recover the stolen assets.
Two days after hackers breached WazirX, India’s largest cryptocurrency exchange, and stole $234 million, the exchange’s founders have launched a bounty program to recover the stolen assets.
The security breach occurred on July 18, targeting the multisig wallet and leading to the theft of $234.9 million. In response, WazirX halted all withdrawals and informed users they have contacted the police for investigation.
On Saturday, Nischal Shetty, co-founder of WazirX, announced the bounty program on X. “We’re preparing a bounty program to help us freeze/recover the stolen assets,” Shetty wrote. He added, “We’re in touch with a few teams that claim to be experts at this. We’ve informed all the other exchanges. Some have responded, some have yet to. We are following up. Their support in recovery will be crucial as the stolen funds move. We are also analyzing data to understand the extent of damage and working on further law enforcement and regulatory procedures.”
WazirX outlined several immediate actions in response to the cyberattack. The exchange has filed a police complaint and reported the incident to the Financial Intelligence Unit (FIU) and CERT-In. Shetty also stated that WazirX is reaching out to over 500 exchanges to block the identified addresses associated with the stolen funds. Cooperation from these exchanges is crucial as the stolen assets move through various platforms.
The WazirX team is preparing a bounty program to incentivize individuals and entities to help freeze or recover the stolen assets. This program is part of their strategy to enhance their efforts in tracing the stolen funds. They are also in discussions with several expert groups that specialize in tracking cryptocurrency transactions, providing continuous monitoring and support in the recovery process.
WazirX expressed gratitude for the support from the broader Web3 ecosystem, emphasizing the need for a collective effort to resolve the issue and maintain the ethos of Web3 communities.
Shetty noted that the team is currently analyzing data to understand the extent of the damage caused by the attack. This analysis is crucial for formulating an effective recovery plan and ensuring that all possible measures are taken to address the impact on customer funds.
The Indian crypto exchange is also collaborating with forensic experts and law enforcement agencies to identify and apprehend the perpetrators.
The WazirX breach resulted in a significant loss of approximately $235 million, making it the second-largest hack of a centralized exchange in recent times, surpassed only by the DMM exploit on May 31, which saw a loss of $305 million.
Reports indicate that North Korean hackers may have been behind the WazirX exploit, leading to over $200 million in losses. Blockchain analytics firm Elliptic noted that the attack has the hallmarks of North Korean threat actors, with attackers swapping the crypto assets for Ether using various decentralized services.
As per blockchain analytics firm, Lookonchain data, the stolen assets include more than $100 million in Shiba Inu (SHIB), $52 million in Ether (ETH), $11 million in Matic (MATIC), and $6 million in Pepe (PEPE). The hacker’s ongoing efforts to liquidate these assets pose significant concerns.
Crypto researcher ZachXBT echoed these sentiments on X, stating, “the WazirX hack has the potential markings of a Lazarus Group attack (yet again).”
