WazirX halts trading, announces $23 mn bounty after hackers steal $234 mn. Key updates

The Indian crypto exchange WazirX has announced a $23 million "bounty program" for recovering the $234 million assets stolen after a massive hacker breach on the platform on July 18, 2024. "Based on @zachxbt's (scam survivor turned 2D investigator) feedback, we have increased the White Hat Recovery reward to 10%, i.e., up to $23 Million," the company says via X.

An ethical hacker and cyber security expert with handle ZachXBT on X, in his probe, says the WazirX hack has the potential markings of a "Lazarus Group attack (yet again)". "Hopefully the WazirX team will be transparent with their findings."

Lazarus Group is a hacker group alleged to be run by the government of North Korea. The Indian company has invited white hat hackers, blockchain forensics experts, and cybersecurity professionals to join and protect the integrity of the crypto ecosystem.

In light of the cyber attack, the company also temporarily paused trading on its platform. "The cyber attack theft has impacted its ability to maintain 1:1 collaterals with assets...and we've temporarily paused trading. We're conducting thorough forensic data examination and security audit procedures and working to enable withdrawals soon. User safety remains our top priority," the company informs.

Nischal Shetty, co-founder and CEO, WazirX says his "entire WazirX team" has been working non-stop to help resolve the situation. "We will continue to work for our customers and go on the path to rebuilding everything. It will take time but we will not give up. I haven’t had time to address the team internally but thankful they have been working hard without thinking about anything but the community. I’ll try to come on video soon, been tied up coordinating and working on finding resolutions. I’m also trying to think of ideas on how to add value to the ecosystem such that it can help fill the void left by the stolen assets. All ideas around it are welcome..."

He says the crypto exchange is working on analysing data to figure out the best way forward to enable withdrawals. "We will need to first analyse all the data to come up with an action plan on what's the right formula to allow withdrawals since part of the assets have been stolen."

WazirX has launched two bounty initiatives to recover $230 million.

White Hat Recovery Bounty: The company says it will offer 10% of the recovered amount as a reward for those who assist in the recovery of the stolen funds. The company is offering 10% (maximum up to $23 Million, i.e., 10% * $230 Million = $23 Million) as White Hat Bounty to the WazirX hacker in exchange for the return of the funds to the following wallet address: ERC20 Wallet Address: 0xf381d876ce4807d1e752cf9dcdba695f312611bf".

Bounty 1: Track & Freeze the Amount

Objective: Identify, track, and provide actionable intelligence leading to the freezing of the stolen funds.

Reward: Rewards of up to $10,000 worth of USDT for actionable intelligence that leads to the freezing of the funds. "If the participant is unable to freeze the funds themselves, they should collaborate with WazirX by providing sufficient proof to facilitate the process. If the participant fails to freeze themselves and/or fails to collaborate with WazirX to facilitate the freezing of the funds, then the participant shall not be entitled to any rewards. If funds are not frozen due to the provision of non-actionable information then the Participant shall not be entitled to any rewards."

Bounty 2: White Hat Recovery

Objective: Facilitate the recovery of the stolen funds

Reward: 10% of the recovered amount as a white hat incentive. "This reward will be disbursed only after and subject to the successful receipt of the stolen amount by WazirX. The said rewards shall be payable in USDT or in the form of recovered funds at the sole discretion of WazirX," says WazirX.

Timeframe: This bounty program will run for three (3) months from the date of this announcement. However, the said time period may be amended, i.e., extended or reduced with or without notice to the participants based on requirements and results.

Notably, the company's "multisig wallets" experienced a massive security breach on July 18, which involved a loss of funds exceeding $230 million. This wallet was operated utilising the services of Liminal's digital asset custody and wallet infrastructure from February 2023. The wallet had six signatories—five from our WazirX team and one from Liminal, who were responsible for transaction verifications. The cyber attack stemmed from a discrepancy between the data displayed on Liminal's interface and the transaction's actual contents. During the cyber attack, there was a mismatch between the information displayed on Liminal’s interface and what was actually signed. "We suspect the payload was replaced to transfer wallet control to an attacker," says WazirX.