WazirX, a leading digital asset trading platform in India, is facing a petition with the National Company Law Tribunal (NCLT) in the wake of $230 million crypto asset theft that shook the very foundations of the Indian crypto community.
Notably, the hack took place on July 18 and was a result of the exchange’s Safe Multisig wallet on Ethereum being compromised by the attackers. This resulted in several fingers being raised at the exchange’s security measures and the safety of users’ funds.
The hack occurred on July 18th as a result of the exchange’s Safe Multisig wallet on Ethereum being compromised by the attackers. The incident not only cast a shadow over WazirX’s platform integrity but has also fueled concerns over the security protocols in place for the safety of users’ funds.
WazirX Under Siege
According to sources familiar with the matter, WazirX, its infrastructure partner Liminal, and other associated entities are facing scrutiny following an August 5th petition filed in Indore, India. The petition invokes Section 213(b) and Section 221 of the Companies Act, 2013, potentially triggering an investigation into the company’s internal affairs due to suspected mismanagement.
Section 221, on the other hand, allows the petitioner to freeze the company’s assets, which means that WazirX might be in for a hard time, and its users who may face withdrawal issues. “Emails have been sent to all the respondents notifying the same,” confirmed the source.
The petition lists several respondents, including the Ministry of Home Affairs, the Ministry of Finance, the Ministry of Corporate Affairs, and the Serious Fraud Investigation Office, in addition to WazirX, Liminal, and their directors and founders.
Gauransh Vyas from Indore, a legal intern with the Supreme Court of India, was the person who filed the petition and in a statement given to MoneyControl, WazirX confirmed the petition and denied all the allegations mentioned in the filing. The WazirX spokesperson said:
“We will respond as per the prescribed procedure under law before the NCLT. The NCLT will decide the weight of the petition on legal grounds.”
Regulatory Implications
The WazirX hack and the ensuing petition have serious implications for the crypto community in India. Utkarsh Tiwari, Chief Strategy Officer at Indian cryptocurrency exchange KoinBX, expressed deep concern about the recent security breach in an interview, noting its wide-ranging impact on the crypto ecosystem, including retail investors and other exchanges.
He highlighted that during the G20 session in India, the government advocated for comprehensive, standardized regulations for global Virtual Asset Service Providers (VASPs). Reflecting on India’s regulatory history, Tiwari emphasized that investor protection has always been a priority for the Indian government. In response to WazirX, Tiwari anticipated that Indian digital asset exchanges will significantly bolster their security infrastructure, adding that this move will not only protect investors but also demonstrate the resilience and innovative spirit of the Indian digital asset market.
Interestingly, the government of India has been quite strict when dealing with international exchanges. On December 28, 2023, the Financial Intelligence Unit (FIU), a branch of India’s Ministry of Finance responsible for monitoring financial offenses under the Prevention of Money Laundering Act, issued a noncompliance notice to several foreign cryptocurrency exchanges, including Binance, HTX, Kraken, Gate.io, KuCoin, Bitstamp, MEXC Global, Bittrex, and Bitfinex, for operating illegally in India.
This crackdown on foreign crypto exchanges sent shockwaves through the Indian crypto trading community, particularly among those who had turned to these platforms to avoid the 30% tax on cryptocurrency trading profits imposed by the Indian government. Nearly $4 billion worth of crypto assets were stranded on these offshore platforms, with Binance holding almost 80% of these assets. The report also highlighted research indicating that Indian traders’ use of foreign exchanges is costing the Indian government approximately 30 billion rupees (about $361 million) in lost tax revenue annually.
With the WazirX hack causing panic in the Indian crypto space, there is a strong possibility that the government might force these platforms to improve their security infrastructure. India’s Bharat Web3 Association (BWA) is also working on increasing the security levels and protection of investors’ money in the crypto space. As per a report, the BWA formed two new internal groups to address these security issues and prevent such incidents in the future.
User Funds at Risk
WazirX halted withdrawals just after the hack on July 18. Following this, the exchange came up with a “socialized” loss strategy which would distribute the loss evenly among all the exchange’s users and a single person wouldn’t be burdened with the same. In this process, over 55% of a user’s crypto assets will be available for trading but 45% would be converted to stablecoin Tether USD and then locked on the exchange.
The plan was strongly criticized with community members asking WazirX to be transparent and not come up with such solutions. On the other hand, CEO Nischal Shetty continued to ask for more time from the community for a substantial plan
Finally, the firm decided to restore all the users’ balances to what they were on July 18 1 PM IST which resulted in many happy faces and the alleviation of fears to an extent. WazirX said in a post:
“This decision has not been made lightly and aims to protect the integrity of our platform and facilitate an equitable outcome for users following the abnormality arising as a result of the cyberattack which occurred on 18 July, 2024.
Is WazirX Safe?
Web3 security firm Cyvers uncovered “multiple suspicious transactions” linked to WazirX’s Safe Multisig wallet on Ethereum on July 18. According to a post on X, it appeared that $234.9 million worth of funds from the Indian crypto exchange’s Safe Multisig wallet were transferred to a new address. Notably, each of these transactions was funded through Tornado Cash, a decentralized protocol known for facilitating private transactions.
The new address converted the transferred assets, which included Tether (USDT), Pepe (PEPE), and Gala (GALA), into Ether (ETH). In a Telegram post within the “Investigations by ZachXBT” channel, well-known crypto investigator ZachXBT revealed that the primary suspected attacker’s address still holds over $104 million worth of assets to be sold off.
The compromised wallet initially contained approximately $100 million in Shiba Inu (SHIB), $52 million in ETH, and $11 million in Polygon (MATIC). It also held $4.7 million in FLOKI, $3.2 million in Fantom (FTM), $2.8 million in Chainlink (LINK), $2.3 million in Fetch.ai (FET), along with a variety of other tokens.
In light of the security breach, WazirX had temporarily suspended withdrawals of cryptocurrencies and Indian rupees on its platform. The exchange, through an official X post, assured users that they are “actively investigating the incident” and will provide updates as the situation develops.
Community Reactions
The crypto community was not happy with the WazirX hack and voiced their concerns via X. The majority of backlash was due to WazirX’s “socialized” loss strategy and the conversion of a part of the users’ funds to stablecoins.
They have taken our hard earned money, how dare they? This is not just about funds, it’s about our rights and our fight for justice. We cannot wait for someone else to rescue us, this is our battle to win. Wake up and join us, please.
The WazirX users living in Dubai held discussions to take action against the company in Dubai and make the digital asset trading platform take responsibility for its actions. Some X users said that if the Indian government is not helping the crypto investors to recover the funds, the Dubai government would.
A Public Interest Litigation (PIL) will be filed against WazirX and CEO Shetty, as per an X post and the unofficial copy of the legal draft was also shared on X. It is clear that the digital asset sector is not happy with the way that WazirX has handled the exploit.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.