Delhi Police Unravel $235 Million WazirX Hack, Uncover Organized Gang Ties

November 14, 2024 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

In a significant breakthrough in the case of a $235 million hack on the WazirX cryptocurrency exchange, Delhi Police recently apprehended a suspect from Bengal believed to be linked to the crime.

This arrest marks a crucial step in uncovering the methods behind the high-profile heist and affirms the resilience of WazirX’s internal security systems.

The chargesheet shared with Cointelegraph reveals that the breach was not due to any internal vulnerabilities at WazirX but was instead facilitated by an external actor using deceptive methods.

The investigation found that the hack was executed through a fake account, allegedly sold via Telegram, which was then exploited by a third party.

During the investigation, WazirX cooperated fully, providing hardware, Know Your Customer (KYC) records, and detailed transaction logs, allowing investigators to piece together the intricate details of the scheme. The Indian Cyber Crime Coordination Centre (IFSO) reviewed the case, confirming that WazirX’s systems remained uncompromised, lending credibility to the exchange’s security framework, which had been under scrutiny.

How the Hack Unfolded

According to the chargesheet, the hackers managed to access WazirX’s multisignature wallet, resulting in a depletion of crypto tokens valued at $235 million. It was revealed that the arrested suspect allegedly belonged to an organized group of hackers who managed to infiltrate WazirX’s platform through a fictitious account.

Further investigation highlighted how a buyer had approached the suspect on Telegram, offering a substantial sum for WazirX crypto accounts, which they used as an entry point to access and drain the exchange’s funds.

Challenges and Security Affirmation

An independent review by IFSO verified WazirX’s claim that its internal systems were not compromised, reinforcing the company’s stance on the strength of its cybersecurity. Nevertheless, investigators faced difficulties in data collection due to cooperation delays from certain third-party services that managed WazirX’s digital assets.

This breach highlights the vulnerabilities surrounding external parties in cryptocurrency exchanges. As the investigation unfolds, the need for enhanced security collaboration across platforms and third-party services becomes ever more evident.

WazirX’s Future: Decentralization and Recovery

In response to the hack, WazirX has announced a series of new initiatives aimed at boosting investor confidence and expanding its presence in the crypto market. At a recent town hall event, the company and its risk advisory partner Kroll disclosed plans to launch a decentralized exchange (DEX) and introduce a new crypto token. This strategic pivot is designed to enable recoveries for affected investors whose assets were locked during the July cyberattack.

According to materials shared with its users, WazirX aims to become India’s largest DEX within the next year. The move toward decentralization marks a significant step, positioning WazirX as a leader in secure, decentralized digital asset trading.

Moving Forward

As WazirX moves forward with ambitious plans for decentralization and enhanced investor protections, this case serves as a reminder of the need for resilient security frameworks in the face of evolving cyber threats. The investigation continues, but this arrest marks a turning point in the fight against organized crypto crime in India.