WazirX 234M Dollar Haul
WazirX, one of the largest cryptocurrency exchanges in India, lost approximately $234 million in the form of a cyberattack; however, Indian authorities have recently made great developments in cracking this case. In West Bengal, police arrested one SK Masud Alam, who was accused of creating a fake account that was eventually used in the attack. The arrest of Alam also marks an important step in breaking apart the strands of this multi-faceted hacking case.
Alam was allegedly involved in the WazirX breach.
As Cryptonews reported, Alam opened a WazirX account under the alias “Souvik Mondal,” according to an extensive police charge sheet. This then got sold on Telegram to a user with the name M. Hasan who carried out the hack with this account. Once he gained control of the fraudulent account, Hasan purportedly circumvented WazirX’s security measures and began conducting unauthorized actions. This is a new development and indicative of an organized attack, in which the hackers had to have used third-party exchanges to conduct between compromised accounts.
Related News: WazirX to Relaunch in February 2025 After $235M Hack
Collaboration and Complications in the Probe
Though WazirX has been completely transparent with authorities supplying KYC, transaction history, and other documentation needed to progress the case through law enforcement channels, a problem arose through one of WazirX’s security providers, Liminal Custody. Liminal Custody, which is in charge of the platform’s digital asset security, has been criticized for not responding to repeated inquiries by authorities. While Liminal initially announced that it “does not appear” to have any front-end or user interface breaches, investigators are looking more closely at the exchange due to a lack of transparency.
The chargesheet notes that the investigation against liminal custody will continue, and further a supplementary report regarding their possible culpability is likely to be filed.
The security of a multi-signature wallet
Following the hack, investigators are also examining the security of multi-signature wallets on the platform that entail multiple authorizations to process a transaction. Three laptops were seized from WazirX, allegedly used by authorized personnel to operate these wallets. The move was designed to prevent any more assets from being misappropriated this way, with those multi-signature protocols commonly deployed as an extra layer of security on cryptocurrency exchanges.
The same investigation, backed by the Indian Cyber Crime Coordination Centre (IFSO), found that WazirX internal or external systems showed no evidence of a compromise. The implication here is that the breach in security may have mainly been about the account being misused by Alam without really having broken into WazirX itself.
What Next for WazirX and Law Enforcement in India?
The collaboration between Indian law enforcement and WazirX has also remained extremely vital, emphasizing how the exchange is quickly alerting authorities. In the manner in which WazirX has been responsive in providing KYC data and transaction records, investigators have managed to trace the origin of the hack and subsequent movement of assets post-breach.
Onwards from here, the arrest of Alam unfolds new lines of inquiry, especially into how security protocols were bypassed in such a way. The investigation is still active, and additional inspection regarding liminal custody is slated. This widely publicized case highlights just how fragile the cryptocurrency ecosystem can be, particularly regarding account security and using third-party custodians.
This story is ongoing, but in the meantime, it is a reminder to crypto exchanges all over the globe that they have very high responsibilities in setting their security standards and transparency regarding digital asset protection from future breaches.
