Users of Indian crypto exchange WazirX have been told that they are likely to lose more than 40% of any funds they had on the platform, following a $234 million hack in July.

WazirX is currently undergoing a restructuring process in the wake of the hack and last week asked Singapore’s high court for “breathing space” to allow it to work on finding the “fastest and most effective process for users to receive improved token recoveries.”

However, as reported by TechCrunch, according to the restructuring firm working with WazirX, customers will likely have to give up “at least 43%” of their funds.

Kroll director George Gwee said that the best users could hope for would likely be “anywhere between 55% and 57% of the funds,” with WazirX stating that its priority would be to distribute remaining token assets to users in a pro-rata manner via crypto.

According to the firm, “The impact from the cyberattack will be allocated pro-rata across users who rank equally with each other as unsecured creditors.”

It added that “users will receive a share of available token assets associated with the platform proportionate to their share of all users’ unsecured claims for their account balances.”

Any approved scheme is expected, according to the firm, to “take at least six months and is the fastest route to allowing the reopening of cryptocurrency withdrawals.”

Read more: Mt. Gox to start creditor repayments next month, asks users to ‘wait a while’

WazirX says it will be holding a town hall via video conference in the week commencing 2 September 2024 to explain the key features of the requested moratorium and to address user questions.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post WazirX users can expect to lose 40% of their funds, report appeared first on Protos.

Indian crypto exchange WazirX lost over $230 million worth of assets after addresses governing its multisig wallet were compromised.

Cyvers was the first to flag the outflows, identifying the compromise of WazirX’s Safe wallet by a Tornado Cash-funded attacker on the Ethereum network.

Read more: Hackers switching to centralized exchanges to fund crypto attacks

The alert was followed up by crypto sleuth ZachXBT, who shared the hacker’s primary address, later receiving a bounty for identifying a further funding source that came from an exchange with know-your-customer (KYC) procedures.

WazirX’s acknowledgment of the ‘security breach,’ posted approximately half an hour after the initial alert, states that to “ensure the safety of [customers’] assets, INR and crypto withdrawals will be temporarily paused.”

Safety in numbers?

The affected wallet is a Safe ‘multisig,’ a type of account that requires a specified threshold of authorized addresses in order to confirm transactions. This ostensibly makes multisigs more secure than a regular address controlled by a single private key.

However, in this case, a single malicious transaction was all that was needed to drain WazirX of $230 million worth of crypto assets.

The exploiter was able to pass the transaction either by compromising the authorized addresses directly or via the use of social engineering techniques on the signers.

After describing the incident as ‘Desi Mt. Gox,’ Polygon Network’s CISO, Mudit Gupta posted a full analysis of the hack to X (formerly Twitter). He notes that two addresses were likely compromised, with a further two signatures needed to hit the multisig’s threshold for approving transactions.

Read more: Mt. Gox site down for 24 hours, creditors flag scam login emails 

Gupta highlights that “two signers were tricked into signing malicious transaction (sic) in the name of a normal USDT transfer.”

These two signatures were later used to modify the logic of the Safe multisig wallet, allowing the hacker’s own attack contract (deployed eight days ago) to automate token transfers, which sent the assets directly to the attacker’s address.

Laundering the loot

At the time of writing, the hacker’s primary address contains $136 million of ETH and other tokens, according to data from blockchain explorer Etherscan. 

Much of the stolen assets are gradually being moved on to additional addresses, where they are swapped for ETH. Some funds were also traced to exchanges ChangeNOW and Binance, according to Beosin, which tallied over 200 tokens that had been drained.

SHIB represented almost $100 million of the total loss. Around a third of this has been sold, resulting in a price drop of almost 10%, according to data from CoinMarketCap

Based on the attack vector and funding/laundering patterns, Gupta, ZachXBT, and blockchain forensics firm Elliptic all suspect the hack was carried out by a team of North Korean hackers known as the Lazarus Group.

Read more: Axie co-founder hacked for $10M two years after $625M Ronin attack

Lazarus is suspected to be responsible for a seemingly endless stream of crypto hacks, including last year’s $41 million hack on crypto casino Stake and the $625 million hack of Axie’s Ronin Bridge in 2022.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post A single malicious transaction led to $230M drained from WazirX appeared first on Protos.

Crypto sleuth ZachXBT has claimed his second bounty after submitting ‘definitive’ evidence of the KYC-deposit address used by a hacker to cash in on the $235 million WazirX hack. 

Arkham posted the bounty this morning offering 5,000 ARKM (~$8200) to anyone able to identify the KYC centralized exchange deposit, the exploiter’s identity, or help return stolen funds.

Indian crypto exchange WazirX was hacked on July 18 and funds, including $100 million worth of SHIB and $52 million in ETH have reportedly already been sold.

Read more: Is CertiK running a BS bug bounty program?

ZachXBT told Protos that he was already following the WazirX hack and that submitting evidence for the bounty was as simple as exporting a graph. He added that it wasn’t super difficult to identify the relevant centralized exchange deposit address. 

He also shared his method of tracking the exploiter’s transactions, noting that the WazirX hack “has the potential markings of a Lazarus Group attack (yet again).” Blockchain analysis firm Elliptic shared similar suspicions that it could be linked to the North Korean hacking collective.

ZachXBT previously claimed a $150,000 bounty from Arkham that asked for evidence identifying the creator of the Donald Trump-themed DJT token. Indeed, he submitted evidence that Martin Shkreli was DJT’s creator which Arkham accepted as ‘definitive’ proof.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Crypto sleuth ZachXBT wins second Arkham bounty after WazirX hack appeared first on Protos.

Binance chief Changpeng Zhao (CZ) has started a dispute with WazirX co-founder Nischal Shetty. Binance claimed to have acquired India’s largest crypto exchange in November 2019. Now, after the government raided WazirX, Binance claims the acquisition never consummated.

CZ claims that WazirX refused to transfer control of its source code and administrative credentials even though Binance requested it as a suitor during the merger process. As a result, CZ claims that Binance does not currently own WazirX.

Shetty refutes CZ’s claims, saying that WazirX sold its technology to Binance and that Binance is responsible for payments. He says he cannot comment further for legal reasons.

WazirX has legal issues in India

WazirX initially appeared on the Enforcement Directorate’s radar in June 2021. The Enforcement Directorate was investigating allegations of money laundering by illegal online betting organizations based in China. It issued a notice requesting information on transactions worth 27.91 billion Rupees ($382 million) under India’s Foreign Exchange Management Act.

At the time, WazirX denied receiving any “show cause” notice from the Enforcement Directorate. A show cause notice requires private entities to appear in court to explain their side of an issue.

The Indian government raided properties owned by WazirX director Sameer Mhatre and froze $8.1 million in WazirX funds before CZ distanced Binance from WazirX.

India’s Enforcement Directorate alleges that WazirX:

• Laundered money for 16 fintech firms accused of financial crimes.
• Provided confusing and contradictory information about its operations and obscured information about its ownership.
• Failed to turn over the crypto transactions of certain suspect businesses or bank accounts.

Shetty claims that WazirX’s Singapore-based parent company, Zettai, and Binance have discussed the ownership issue for several months. He has rejected a joint venture offer, insisting that acquisition is legally binding.

Both companies proclaimed the acquisition occurred

In the past, both parties have repeatedly stated that Binance acquired WazirX. However, CZ now alleges the firm never completed the transaction.

Binance announced the acquisition in a blog post dated November 20, 2019. It planned to use the so-called Binance Fiat Gateway to enable Indian residents to buy and sell digital assets using the Indian Rupee.

On August 5, 2022, Binance amended its blog post to clarify that it bought assets and intellectual property belonging to WazirX and does not own any equity in Zanmai Labs, which is the operator of WazirX. Zanmai Labs is a subsidiary of Zettai, the ultimate parent company over both.

Binance also claims that it does not control WazirX’s operations. It outsourced the work to Zanmai Labs. Some of WazirX’s original creators founded Zanmai Labs as a subsidiary of Zettai.

Shetty claims that WazirX sold its technology, brand, domain, and product. He says he has legal documents to prove the acquisition occurred and that he can show a license to operate trading between the Indian Rupee and digital assets on WazirX.

Journalist and crypto critic Jacob Silverman accused CZ of being “evasive” about who owns WazirX.

For more informed news, follow us on Twitter and Google News or listen to our investigative podcast Innovated: Blockchain City.

The post WazirX chief insists Binance bought the troubled crypto exchange appeared first on Protos.