WazirX Faces Major Security Breach: $230M in Crypto Assets Lost - Lessons For India's Crypto Ecosystem

Explore the recent $230M security breach at WazirX, its impact on India's crypto ecosystem, and the crucial lessons for enhancing security in the digital currency space


WazirX, one of India's largest cryptocurrency exchanges, has suffered a major security breach resulting in the loss of approximately $230 million in crypto assets. The incident has once again highlighted the importance of robust security measures for cryptocurrency custody and the need for additional regulatory oversight of India's fast-growing crypto ecosystem.

The stolen funds included various tokens such as Tether (USDT), Pepe (PEPE) and Gala (GALA). The attacker quickly swapped these assets for Ether (ETH) in an attempt to obscure the trail of the stolen funds.

The drained wallet also held about $100 million in Shiba Inu (SHIB), $52 million in ETH, $11 million in Polygon (MATIC) and smaller amounts of other tokens.

The Security Breach

Reports indicate that the attackers compromised one of WazirX's multisig wallets, rather than individual user accounts, and drained roughly $230 million worth of various cryptocurrencies from it. The exchange has since issued a public statement acknowledging the breach and has vowed to investigate the matter thoroughly.

After the hack, WazirX immediately stopped withdrawals of both cryptocurrencies and Indian rupees on the platform. The exchange also said it was "actively investigating the incident."

When asked about the situation, Rajagopal Menon, speaking for WazirX, told Cointelegraph: "We can't talk to the press right now. You can get updates from our Twitter handle."

How did the hackers get into WazirX?

Meir Dolev, co-founder and chief technology officer of Web3 security firm Cyvers, told Cointelegraph that, while the exact weakness exploited is not yet known, some key facts have emerged since the event.

First, he noted that WazirX's wallet is a multisig requiring four signatures per transaction. The exchange also uses Liminal as its custody provider, and Liminal supplies the final signature on every transaction. Lastly, the wallet has a whitelist policy: it can send funds only to a small set of approved addresses.

Dolev explained the attack: "The attacker used two different addresses, one to start the transaction and another to receive the funds. The one starting the transaction needed to pay gas fees so he funded his wallet via Tornado Cash."

"Eight days before the attack, the hacker also set up a harmful contract later used to change how the WazirX wallet worked."

He further explained that just before the first attack transaction, the attacker managed to change the exchange's multisig wallet to his harmful contract using WazirX's and Liminal's custody signatures. "From then on, he could make any transaction without needing WazirX or Liminal to sign it," he highlighted.

Dolev speculated that the attacker likely compromised WazirX endpoints or laptops to obtain the needed signatures, possibly through a user interface (UI) compromise on Liminal's side.

He said WazirX's signers may have believed they were approving a legitimate transaction, because that is what the UI, possibly under the attacker's control, showed them.

Liminal Custody maintains that its own platform was not compromised, stating that its initial probe points to a compromise of an external self-custody multisig smart contract wallet. It affirms, "Liminal's platform remains unbreached, with its infrastructure, wallets, and assets secure."
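The following Python simulation is an added illustration and is not code from the page, Cyvers, Liminal, WazirX or the Safe project. It models the pattern Dolev describes: a threshold multisig whose destination whitelist is enforced only in the custody UI, signers who approve a digest without checking it against the transaction the UI displayed, and a signed payload that swaps the wallet's logic for the attacker's contract deployed earlier. It goes beyond the text by running the same attack against two hardened variants: signers that recompute the digest of what they were shown, and a whitelist enforced on-chain. All addresses, keys and balances are placeholders, and a hash-based toy stands in for ECDSA signing.

```python
"""Constructed simulation of the multisig compromise pattern described above.
Not Safe, WazirX, Liminal or Cyvers code: addresses, keys and balances are
placeholders, and a hash-based toy scheme stands in for ECDSA signing."""
import hashlib
import json
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set

OWNERS = ["0xWX1", "0xWX2", "0xWX3", "0xCUSTODIAN"]  # hypothetical signers
THRESHOLD = 4                                         # all four must sign
HOT_WALLET = "0xHOT"          # the only destination on the whitelist
ATTACKER_EOA = "0xATK_GAS"    # pays gas (mixer-funded in the real incident)
ATTACKER_RECV = "0xATK_RECV"  # receives the drained funds
KEYS = {o: f"secret-{o}" for o in OWNERS}  # toy signing secrets, not real keys

def tx_hash(tx: dict) -> str:
    """Digest of the calldata that actually reaches the chain."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).hexdigest()

def sign(owner: str, digest: str) -> str:
    return hashlib.sha256((KEYS[owner] + digest).encode()).hexdigest()

@dataclass
class Wallet:
    balances: Dict[str, int]
    on_chain_whitelist: Optional[Set[str]]  # None = whitelist lives only in the UI
    logic: Callable = None                  # upgradeable implementation

    def execute(self, sender: str, tx: dict, sigs: Dict[str, str]) -> str:
        return self.logic(self, sender, tx, sigs)

def genuine_logic(w: Wallet, sender: str, tx: dict, sigs: Dict[str, str]) -> str:
    digest = tx_hash(tx)
    valid = [o for o, s in sigs.items() if o in OWNERS and sign(o, digest) == s]
    if len(valid) < THRESHOLD:
        return "rejected: threshold not met"
    if tx["op"] == "transfer":
        if w.on_chain_whitelist is not None and tx["to"] not in w.on_chain_whitelist:
            return "rejected: destination not whitelisted on-chain"
        if w.balances.get(tx["token"], 0) < tx["amount"]:
            return "rejected: insufficient balance"
        w.balances[tx["token"]] -= tx["amount"]
        return "transferred"
    if tx["op"] == "upgrade":
        # With an on-chain policy module, an implementation change is not a
        # routine signed transfer; this toy simply refuses it.
        if w.on_chain_whitelist is not None:
            return "rejected: upgrade blocked by on-chain policy"
        w.logic = LOGICS[tx["new_logic"]]
        return "upgraded"
    return "rejected: unknown op"

def attacker_logic(w: Wallet, sender: str, tx: dict, sigs: Dict[str, str]) -> str:
    """Malicious implementation: no owner signatures, the attacker alone moves funds."""
    if sender != ATTACKER_EOA or tx["op"] != "drain":
        return "rejected"
    moved = sum(w.balances.values())
    w.balances = {t: 0 for t in w.balances}
    return f"drained {moved} to {tx['to']}"

LOGICS = {"genuine": genuine_logic, "attacker": attacker_logic}

def signer_approve(owner: str, shown: dict, digest: str, blind: bool) -> Optional[str]:
    """The signer sees `shown` in the custody UI and is asked to sign `digest`.
    A careful signer recomputes the digest of what was shown and refuses on mismatch."""
    if not blind and tx_hash(shown) != digest:
        return None
    return sign(owner, digest)

def run_scenario(blind_signing: bool, on_chain_whitelist: bool) -> dict:
    wallet = Wallet({"USDT": 100, "SHIB": 1_000_000},
                    {HOT_WALLET} if on_chain_whitelist else None, genuine_logic)
    # Day -8: attacker deploys the malicious implementation (registered in LOGICS).
    # Attack day: the compromised UI shows a routine transfer to the whitelisted
    # address, so the UI-level policy passes, but the digest handed to the
    # signers belongs to the upgrade payload.
    shown = {"op": "transfer", "token": "USDT", "amount": 10, "to": HOT_WALLET}
    actual = {"op": "upgrade", "new_logic": "attacker"}
    sigs = {o: signer_approve(o, shown, tx_hash(actual), blind_signing) for o in OWNERS}
    sigs = {o: s for o, s in sigs.items() if s}
    upgrade = wallet.execute("0xCUSTODIAN", actual, sigs)
    drain = wallet.execute(ATTACKER_EOA, {"op": "drain", "to": ATTACKER_RECV}, {})
    return {"upgrade": upgrade, "drain": drain, "remaining": sum(wallet.balances.values())}

def legitimate_transfer() -> str:
    """The hardened wallet still processes a properly signed whitelisted transfer."""
    w = Wallet({"USDT": 100}, {HOT_WALLET}, genuine_logic)
    tx = {"op": "transfer", "token": "USDT", "amount": 40, "to": HOT_WALLET}
    return w.execute("0xCUSTODIAN", tx, {o: sign(o, tx_hash(tx)) for o in OWNERS})
```

Calling `run_scenario(True, False)` reproduces the described outcome: every signer approves, the upgrade lands, and the attacker then drains the wallet with no signatures at all. `run_scenario(False, False)` shows that signers who verify the digest against the displayed transaction never sign the upgrade, and `run_scenario(True, True)` shows that a whitelist enforced by the contract itself stops the upgrade even when every signer was fooled. The design point is that a whitelist checked only in the custody UI is part of the attack surface it is supposed to protect, and that a multisig threshold is only as strong as each signer's ability to see what they are really signing.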

Lessons Learned and Future Steps for India's Crypto Ecosystem

In a recent discussion, industry experts Ashish from CoinSwitch and Sumit Gupta from CoinDCX shared their insights on the WazirX hack and its implications for the broader crypto exchange landscape in India. The incident has shed light on the evolving nature of security challenges in the crypto space.

Ashish highlighted that while this is not the first incident of its kind, it underscores the importance of continuously updating security practices in the crypto industry. CoinSwitch, for example, works with top custody providers and regularly updates its security measures to protect user funds.

Sumit Gupta echoed these concerns, emphasizing the need for high security standards across all exchanges. He stressed that security is an ongoing process that requires constant vigilance and system upgrades, rather than a one-time checklist.

The hack also had an impact on investors. Dilip Chenoy discussed the situation, acknowledging WazirX's efforts to recover the stolen funds and implement a bounty program. However, he advised investors to exercise patience and highlighted that WazirX, like other institutions facing similar breaches, is working closely with authorities and following best practices to address the issue.

To prevent future incidents, the panelists outlined several steps their respective exchanges are taking. Ashish emphasized the importance of adopting global security standards and maintaining transparency. CoinSwitch, for instance, declared Proof of Reserves (POR) after the FTX incident to demonstrate their commitment to security.

Edul and Sumit highlighted the necessity of regular security audits, both internal and external, and the importance of maintaining a dedicated team to identify and fix potential attack vectors.

The role of regulation and investor protection was also discussed. Dilip Chenoy addressed the misconception that Indian firms are not prioritizing cybersecurity. He explained that exchanges are adopting global best practices and collaborating with top security talent. However, he emphasized the need for improved regulation to ensure user protection.

Sumit elaborated on the lack of specific regulations in India compared to traditional banking systems. He emphasized the importance of insured custodians to safeguard investor funds and highlighted that historical incidents like Mt. Gox have shown that investors often recover a significant portion of their funds over time.

Overall, the WazirX hack has prompted industry experts to reevaluate security measures and advocate for stronger regulations to protect investors in India's crypto ecosystem.

Lessons for India's Crypto Ecosystem 

1. Security First

Security should be the top priority for any cryptocurrency exchange or platform. Implementing strict security protocols, regular security audits, and staying updated on the latest security innovations are crucial to safeguarding users' funds.

2. Regulatory Oversight

India's cryptocurrency regulations have been a topic of debate for quite some time. This incident underscores the need for clearer regulations and oversight to protect investors and prevent such breaches from occurring in the future.

3. Education and Awareness

Educating users about the risks associated with investing in cryptocurrencies and the importance of safe trading practices is essential. Users must be vigilant about safeguarding their private keys, using multi-factor authentication, and conducting due diligence before choosing a platform to trade on.

4. Transparency and Communication

In the event of a security breach, transparency and timely communication with users are key. Exchange platforms must be open about the breach, provide regular updates on the investigation, and offer support to affected users.

5. Building Trust

Rebuilding trust after a security breach is challenging but essential. Exchange platforms must take concrete steps to enhance their security measures, compensate affected users if possible, and demonstrate a commitment to preventing future breaches.

What this means for India's crypto sector

This hack could greatly impact India's cryptocurrency sector, which has grown despite government pressure.

Utkarsh Tiwari, chief strategy officer for Indian crypto exchange KoinBX, told Cointelegraph that such a big security breach will surely cause worry as it affects many parts of the crypto ecosystem, including regular investors and other exchanges. He added:

"As G20 president, India has pushed for complete and standard rules for all global Virtual Assets Service Providers. Also, the Indian government has always put investor protection first."

Tiwari therefore expects Indian digital asset exchanges to invest more in advanced security, which he believes can demonstrate the strength and innovativeness of the Indian digital asset market and community.

India's crypto industry is hoping for possible relief from the country's strict crypto tax rules.

India's Finance Minister Nirmala Sitharaman will present the Union Budget for the next fiscal year on July 23, and the crypto sector hopes for favourable changes.

Since 2022, India has had one of the world's toughest tax regimes for cryptocurrency: a flat 30% tax on gains from digital assets, including NFTs, plus a 1% tax deducted at source (TDS) on crypto transactions.

Sumit Gupta, CEO of Indian exchange CoinDCX, has been asking for the TDS rate to be lowered to 0.01% in the upcoming budget. These tax measures have greatly affected Indian crypto exchanges.

North Korean involvement suspected

Analysts suggest North Korean hackers may be behind the incident, adding geopolitical complexity to the situation.

Elliptic, a blockchain forensics firm, told Cointelegraph that data indicates North Korean involvement, explaining, "The attribution is based on analyzing onchain transaction behavior and other info. Certain patterns and techniques are typical of this actor type."

ZachXBT echoed this, noting that the hack bears potential hallmarks of the Lazarus Group, a North Korean state-sponsored hacking group with a long history of cybercrime.

Since 2017, Lazarus has plagued the crypto space, likely behind major exploits like the $600 million Ronin Bridge incident.

The hack caused significant crypto market turbulence. Over $100 million in SHIB tokens were stolen, causing the popular memecoin's price to drop 10%.

Lookonchain reported on July 19 that the attackers had begun swapping SHIB for ETH, selling 35 billion SHIB worth $618,000. The exploiter had exchanged most assets for 43,800 ETH ($149.46 million) and held 59,097 ETH ($201.67 million) total.


WazirX has acted quickly to limit the damage and recover funds. It has filed a police complaint and is pursuing legal action. The exchange has reported the incident to the Financial Intelligence Unit and the Indian Computer Emergency Response Team (CERT-In), and is contacting over 500 exchanges to block the identified attacker addresses. WazirX stated, "Many exchanges are helping us, and we're working with them on more resources for our recovery efforts."


While the security breach at WazirX is undoubtedly concerning, it also serves as a wake-up call for India's crypto ecosystem to prioritize security, regulation, education, transparency, and trust-building efforts. By learning from this incident and implementing necessary changes, stakeholders can work towards creating a safer and more resilient environment for cryptocurrency investors in India.