WazirX Hack Explained: What Happened & What’s Next


The cryptocurrency world has always been unpredictable, with several opportunities and drawbacks, the latter comprising scams and security breaches. While scams targeted users via fake websites and offers, security breaches targeted organizations and looted their funds. Since its inception, the digital asset industry has had its fair share of both scams and security breaches. 

However, the security breach on WazirX startled several traders and investors. The massive breach not only exposed deep security flaws but also raised serious questions about transparency, accountability, and regulatory oversight in the digital asset ecosystem. 

The Inception of WazirX

Launched in 2017, the exchange was founded by the trio – Nischal Shetty, Sameer Hanuman Mhatre, and Siddharth Menon – to provide a simple and accessible way for Indian users to trade digital assets. With a user-friendly interface, INR compatibility, and a wide range of digital assets, WazirX became a name to reckon with among novice and experienced traders. Later in 2019, the exchange garnered global attention following its collaboration with Binance, the world’s largest cryptocurrency exchange, boosting user trust and positioning WazirX as the most prominent exchange in the country. 

Sinister Activity

In the early hours of July 18, 2024, the crypto exchange experienced suspicious activity on the platform, resulting in transactions taking longer to process. Withdrawals that usually completed within seconds initially took minutes, and then hours. When concerns were raised, the exchange cited technical glitches. However, onchain sleuths noticed that large amounts of funds from WazirX-linked wallets were being sent to unlabelled addresses, and by the end of the day, a staggering amount of over $230 million had vanished, revealing one of the largest single exchange thefts in Indian history.

How the Attack Unfolded

Investigations revealed that WazirX’s multisig wallet had been compromised and that the perpetrators had seized the funds. Notably, the multisig wallet is controlled by five in-house WazirX signatures and one signature held by Liminal, its custodian. Although control of the wallet is shared among these parties, three WazirX signatures and the custodian’s signature are enough to initiate a transaction.

Exploiting this arrangement, the hackers created a fake WazirX account, deposited tokens, and began purchasing Gala (GALA) tokens to gain internal transaction history. When the legitimate signatories accessed the multisig wallet, the hackers altered the smart contract without the need for Liminal’s signature. After they took full control, the hackers drained the funds in both the hot and cold wallets to mixers.
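
The approval rule described above (three in-house signatures plus the custodian's) can be written as a per-operation policy check. The sketch below is an added example, not WazirX's or Liminal's code and not a reconstruction of the wallet contract; the signer ids, operation names and both policy tables are assumptions. It shows why a contract change has to be held to the same custodian requirement as a transfer, and why an unlisted operation should be denied by default.

```python
from dataclasses import dataclass

# Constructed signer ids: the article gives only the counts
# (five in-house signatures, one custodian signature).
IN_HOUSE = frozenset({"wx-1", "wx-2", "wx-3", "wx-4", "wx-5"})
CUSTODIAN = "custodian"


@dataclass(frozen=True)
class Rule:
    in_house_needed: int
    custodian_needed: bool


# Hypothetical policy tables keyed by operation kind (names are assumptions).
# WEAK lets a contract change through without the custodian; HARDENED does not.
WEAK = {"transfer": Rule(3, True), "contract_change": Rule(3, False)}
HARDENED = {"transfer": Rule(3, True), "contract_change": Rule(3, True)}


def evaluate(policy, kind, approvals):
    """Return a list of violations; an empty list means the request may proceed."""
    rule = policy.get(kind)
    if rule is None:
        # Fail closed: an operation the policy does not name is never allowed.
        return [f"no rule for operation '{kind}': denied by default"]
    distinct = set(approvals)  # a signer who approves twice still counts once
    problems = []
    unknown = sorted(distinct - IN_HOUSE - {CUSTODIAN})
    if unknown:
        problems.append("unknown signers: " + ", ".join(unknown))
    in_house = len(distinct & IN_HOUSE)
    if in_house < rule.in_house_needed:
        problems.append(f"{in_house} of {rule.in_house_needed} in-house approvals")
    if rule.custodian_needed and CUSTODIAN not in distinct:
        problems.append("custodian approval missing")
    return problems


def audit_policy(policy):
    """List operation kinds that can complete without the custodian's approval."""
    return sorted(k for k, r in policy.items() if not r.custodian_needed)


if __name__ == "__main__":
    three = ["wx-1", "wx-2", "wx-3"]
    print("weak, contract_change:", evaluate(WEAK, "contract_change", three))
    print("hardened, contract_change:", evaluate(HARDENED, "contract_change", three))
    print("custodian bypass in WEAK:", audit_policy(WEAK))
```
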

Responsibility Issues

With the funds gone, users attacked not just WazirX, but also Binance, since it had collaborated with the exchange. However, after Binance announced its connection with the exchange, there had been bitter incidents concerning their roles. While Binance insisted that it merely supplied wallet infrastructure and compliance tools, WazirX’s founders stated that they had access only to purchase agreements and brand control. When the hack hit, Binance disavowed operational responsibility, leaving users and regulators in a fix over who has the ‘real’ control. Further, this misunderstanding delayed users from getting a concrete answer about the fund theft.

A shockwave for users

Following the hack, trading halted for a week, and many saw portfolio values fall 10%-15% overnight, igniting furious Telegram groups and X Spaces, where victims discussed legal strategy and cold-storage options. Despite partial withdrawals, the platform’s four million customers showed low enthusiasm, and many moved out of the centralized exchange, taking with them their remaining funds to be deposited in hardware wallets that they controlled.

The case of the WazirX hack was taken over by India’s Enforcement Directorate (ED), and the Mumbai Cyber Cell collected server logs, IP records, and multisig histories. Interpol and Europol were alerted after blockchain analytics firms traced some laundering addresses to wallets linked to a North Korean group, possibly the Lazarus Group, known for committing several crypto hacks. Meanwhile, rival exchange CoinSwitch sued WazirX to recover its funds. Reportedly, CoinSwitch has Rs 12.4 crore in Indian rupees, Rs 28.7 crore in ERC20 tokens, and Rs 39.9 crore in other tokens stuck on WazirX.

Under pressure, WazirX hired members to run a full forensic audit, pledging a public report by Q3 2025. Further, the exchange posted a 10 percent bounty, roughly $23 million, for information leading to fund recovery. Critics warned that the action was rash, stating that it would attract opportunists rather than genuine allies. Presently, WazirX is under a court-ordered moratorium that allows it to revise its restructuring plan following the hack.

Tentative solution

Proposing a Scheme of Arrangement, WazirX planned to introduce blockchain-based recovery tokens, aimed at covering 75% to 80% of lost funds. WazirX’s recovery strategy involves issuing Recovery Tokens (RTs) backed by liquid assets, and the purchases will be financed through net profits. The platform also aims to restart operations with enhanced features, prioritizing creditor recoveries through systematic asset distribution.  

Zensui’s New Beginning

Amid tightening crypto regulations in Asia, WazirX rebranded to Zensui and moved to Panama from Singapore. This move is part of its efforts to separate its activities after a $230 million hack and the current court proceedings of parent company Zettai Pte Ltd. As Singapore continues to impose stricter compliance requirements, Panama offers Zensui a less rigid regulatory framework. The transition has raised user concern due to withdrawal delays and a lack of clear leadership communication. Industry observers see the move as part of a larger trend in which crypto firms relocate operations to evade legal pressure while attempting to keep services running and restore confidence among their users.

Final Thoughts

The WazirX hack stands as a stark reminder of the vulnerabilities in centralized crypto systems. While investigations and recovery efforts continue, the incident has triggered a wider push for transparency, security, and regulation in India’s digital asset space. It also highlights the urgent need for user education, strong legal frameworks, and better custodial practices to protect investors from future disasters.

Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.

