A staggering Rs 2,000 crore (approximately $230 million) cryptocurrency heist has shaken WazirX, one of India’s leading crypto exchanges, highlighting vulnerabilities within the industry. The arrest of a West Bengal man, SK Masud Alam, by the Delhi Police is considered a breakthrough, as authorities continue to investigate the cyberattack that led to the loss of nearly 45% of WazirX’s digital assets.
The Massive Breach: How WazirX Lost Rs 2,000 Crore
On July 18, 2024, WazirX suffered a significant cyberattack, resulting in the theft of Rs 2,000 crore worth of digital assets. The breach targeted WazirX’s multi-signature (multi-sig) wallets, which are designed to enhance security by requiring authorization from multiple signatories before completing transactions. However, this sophisticated security feature became a point of vulnerability in the attack.
WazirX is known for its offerings in the crypto space, enabling users to trade popular assets such as Bitcoin, Ethereum, and more. The exchange was launched in 2018 and has since become a prominent platform in India, providing services like peer-to-peer (P2P) transactions, staking, and spot trading, as well as integration with Binance, a global crypto giant.
Unraveling the Attack: Fake Accounts and Telegram Transactions
The initial breakthrough in the investigation occurred when the Delhi Police arrested SK Masud Alam in West Bengal’s East Midnapore district. Alam allegedly created a WazirX account under a fake identity, using the name Souvik Mondal, and subsequently sold the account on Telegram to another individual, M. Hasan, who then executed the cyberattack.
The chargesheet reveals that Hasan exploited the account to access WazirX’s wallet and drain funds. The hackers targeted the exchange’s hot wallets, which are online and frequently used for daily transactions, and later made attempts on the more secure cold wallets, which are offline and less accessible.
Investigating the Custodians: Liminal Custody’s Role in the Breach
During the course of the investigation, the Delhi Police sought information from Liminal Custody, a third-party service provider tasked with securing WazirX’s digital assets. Liminal, responsible for overseeing WazirX’s multi-sig wallets, reportedly received multiple inquiries from authorities. However, the chargesheet claims that Liminal was uncooperative, sparking questions about the firm’s security practices and responsibility in securing funds.
In a statement, Liminal clarified its stance, asserting that it has cooperated with law enforcement and met with officials from the Intelligence Fusion and Strategic Operations (IFSO) division. Liminal’s spokesperson emphasized the company’s commitment to transparency, regulatory compliance, and data-sharing standards, stressing that it has consistently provided information to investigators in accordance with legal requirements.
The Complexity of Multi-Signature Wallets: How Security Measures Can Backfire
The breach sheds light on the intricacies and potential flaws of multi-signature wallets in the cryptocurrency ecosystem. A multi-sig wallet requires authorization from multiple parties; typically, three or more keys are used to approve any given transaction. In WazirX’s case, six signatories were involved: five from the exchange itself and one from Liminal Custody.
While the multi-sig wallet mechanism is designed to prevent unauthorized access and enhance security, it can create challenges when any of the authorized parties are compromised. The involvement of multiple signatories raises operational complexities, making it easier for hackers to exploit loopholes if any of the security layers falter, as happened in this case.
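To make the approval rule concrete, here is an added sketch (not code from WazirX or Liminal) of a policy check over the six-signer layout described above. The threshold of 4, the mandatory custodian co-signature, the signer names and the HMAC stand-in for real asymmetric signatures are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed signer set matching the article's description: five exchange
# keys and one custodian key. Names and secrets are made up for this demo.
SIGNERS = {f"exchange-{i}": ("exchange", f"demo-secret-{i}".encode())
           for i in range(1, 6)}
SIGNERS["custodian-1"] = ("custodian", b"demo-secret-custodian")

THRESHOLD = 4             # assumed value; the article does not state the quorum
REQUIRE_CUSTODIAN = True  # assumed policy: the custodian must co-sign


def tx_digest(tx: dict) -> bytes:
    """Canonical digest of the exact transaction every signer approves."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).digest()


def sign(signer: str, tx: dict) -> bytes:
    """HMAC stand-in for a signer's signature over the transaction digest."""
    return hmac.new(SIGNERS[signer][1], tx_digest(tx), hashlib.sha256).digest()


def authorize(tx: dict, approvals: list) -> tuple:
    """Count valid approvals from distinct, known signers for this exact tx."""
    valid = set()
    for signer, sig in approvals:
        if signer not in SIGNERS:
            continue  # unknown key: never counts toward the quorum
        if hmac.compare_digest(sig, sign(signer, tx)):
            valid.add(signer)  # a set drops repeated approvals by one signer
    if len(valid) < THRESHOLD:
        return False, f"only {len(valid)} of {THRESHOLD} required approvals"
    if REQUIRE_CUSTODIAN and not any(SIGNERS[s][0] == "custodian" for s in valid):
        return False, "custodian approval missing"
    return True, "authorized"
```
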
The Delhi Police’s Approach: Collaborative Efforts with Cyber Agencies
The investigation into the WazirX cyberattack is being conducted with support from the Indian Cyber Crime Coordination Centre (I4C), and authorities have made it clear that this is only the beginning. They have seized three laptops used by WazirX’s authorized personnel to approve transactions, along with transaction logs and KYC (Know Your Customer) details, as part of a broader forensic analysis.
So far, the Delhi Police’s collaborative efforts with other agencies have been instrumental in gathering evidence. The involvement of cyber authorities underlines the high priority of this case, as cybercrimes involving large sums and public trust in financial systems tend to be met with rigorous scrutiny.
Implications for India’s Crypto Landscape
As cryptocurrency adoption grows in India, so do the challenges associated with security and regulation. The WazirX incident underscores the need for a more regulated ecosystem to protect both investors and exchanges from such breaches. With digital assets increasingly popular in India, regulatory bodies may soon consider implementing stringent cybersecurity requirements for crypto exchanges.
The government’s stance on cryptocurrencies is evolving, and incidents like this highlight the necessity of a clear regulatory framework to foster safe and secure growth within the sector. Enhanced security measures and transparency can reassure investors and build public trust, vital for the long-term stability of India’s crypto market.
A Call for Accountability and Strengthened Security
The arrest of SK Masud Alam is a step toward justice, but the broader investigation into the WazirX breach has only just begun. This case highlights the challenges and complexities involved in securing digital assets, especially as more people turn to cryptocurrencies as investment opportunities.
While the Delhi Police continue their investigation, both WazirX and Liminal Custody are under scrutiny for their role in ensuring security and accountability. As the case unfolds, it serves as a powerful reminder of the importance of robust security frameworks and industry cooperation to combat cyber threats and protect investors.
With regulatory bodies watching closely, the WazirX breach could pave the way for stricter policies in India’s cryptocurrency sector, potentially shaping a safer, more resilient future for digital finance in the country.