WazirX to Begin Restoring User Balances, Withdrawals Remain Suspended

As a seasoned analyst with over two decades of experience in the financial industry, I have seen my fair share of cyberattacks and security breaches, but none as significant as the one that hit WazirX this July. The sheer scale of the hack and the losses involved are unprecedented in the Indian cryptocurrency exchange landscape.


2024-08-08 saw WazirX initiate the restoration of user account balances after experiencing a cyber attack on July 18.

This measure aims to address the disruptions caused by the massive security breach.

Restoration Process

In light of the cyberattack on July 18, I’ve been closely following WazirX’s comprehensive recovery strategy aimed at resolving user-related issues and maintaining a level playing field throughout the platform. This approach demonstrates their commitment to us, their valued investors.

1. Starting from 1 PM IST on the day of the incident, all subsequent trades will be rolled back. This includes transactions involving cryptocurrencies or INR. In other words, these trades will be undone, returning users’ portfolios to their pre-attack state. The intention is to eliminate the influence of questionable trades and rectify any inconsistencies in account balances.

Additionally, WazirX will not only reimburse all trading fees and referral rewards linked to trades made between July 18 and July 21, but also refund any tax deductions related to those transactions. In other words, users will receive a refund for their trading fees, get back their referral bonuses, and see credits for the tax deductions associated with these trades during that specific timeframe.

In the coming updates, deposits made during the problematic time period will be carefully examined and rectified. Any transactions carried out during that span will be nullified, and those users who were impacted will receive comprehensive emails detailing the exact trades and any changes made to their respective accounts.

📢 Important Update:

Based on the valuable input we’ve been receiving, we’re swiftly addressing your issues. After thoughtful analysis of the situation and the insights provided by many users, we find it necessary to rectify account balances and reverse any affected transactions.

— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) August 8, 2024

To ensure a seamless and precise process, all trading, withdrawals, and restorations will be temporarily halted during this phase. This short break is essential for making necessary adjustments and preventing future interruptions.

Background of WazirX Hack

In a major cyber incident, approximately $230 million was stolen from the WazirX platform, marking one of the biggest attacks in recent times. The attack targeted WazirX’s multi-signature wallet, which had six keyholders – one being Liminal, a provider for multi-party computation (MPC) wallets, and the remaining five were from WazirX itself. This indicates that substantial vulnerabilities were exploited in the wallet system.

As per a report by Liminal, the recent hack was not due to issues in their user interface, contrary to WazirX’s earlier statements. Instead, the breach stemmed from WazirX devices that were compromised. Liminal explained that their multi-signature wallet requires an additional signature if WazirX provides the necessary three. This means that the attacker only needed to infiltrate three devices to carry out the attack.

In this scenario, WazirX’s equipment executed a legitimate transaction, and Liminal’s server provided a “safeTxHash” as confirmation. Unfortunately, an intruder intercepted this hash and replaced it with an incorrect one, leading to the transaction’s failure. The attacker then exploited signatures from other transactions to validate a new one, which was successfully processed on the Ethereum network.

The recent WazirX hack underscores an increasing concern within the digital currency sphere, as instances of security violations appear to be happening more often. This emphasizes the importance of enhancing security protocols and urging greater vigilance.

Read More

Sorry. No data so far.

2024-08-08 15:36