A crypto-focused X account that says it represents WazirX customers has published a detailed account of the recent hack of the cryptocurrency exchange. Drawing on what it describes as insider reports, the account alleges that the theft was a well-planned attack that combined sophisticated tactics with insider involvement.
According to this account, the events leading up to the hack began on July 11, 2024, when the attacker used a fake KYC account created in West Bengal to deposit ₹1 crore worth of cryptocurrency into WazirX. Over the following days the attacker bought GALA tokens in a pattern aimed at draining WazirX's hot wallet, and by July 18 had emptied that hot wallet by withdrawing GALA.
To keep meeting customer withdrawal requests, WazirX began moving funds from its cold wallet into the hot wallet. It later emerged that about 45% of users' funds sat in a single cold wallet, which the account describes as vulnerable and as the attacker's real target.
The account characterizes the cold wallet's signing policy as the loophole the attacker exploited: a transaction needed only three signatures from WazirX signatories plus one from Liminal, WazirX's digital custody provider. Several signatories, among them Sumit Patel, Rohit Patel, and Tushar Patel, tried to process transactions on July 18, and many of those attempts failed; the account attributes the failures to a malicious payload injected by the attacker. Despite the failed attempts, the attacker was able to upgrade the cold wallet's contract and thereby take control of the funds. The security-relevant point is that in a multi-signature wallet of this kind a signature authorizes exactly the transaction payload it was computed over: once a payload that upgrades the wallet contract carries the threshold number of signatures, it executes just as an ordinary transfer would, so what the signers actually signed, as opposed to what they believed they were signing, is the crux of the incident.
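The following is an added illustration, not code from WazirX, Liminal, or any wallet vendor, of the property described above: in an m-of-n wallet each signature binds to a digest of the full transaction (target, value, calldata, call type, nonce), so signatures produced over one payload cannot be reused for another, and a signer that recomputes the digest from fields it decodes itself, and refuses call types that can replace the wallet's code, catches a payload that differs from the displayed intent. Everything here is a stand-in: sha3_256 replaces keccak256 and the field encoding is simplified, HMAC replaces ECDSA, the addresses, the 4-of-6 signer set, the "upgrade" payload and the GALA-like transfer are constructed sample data; only the ERC-20 `transfer(address,uint256)` selector 0xa9059cbb is a real value.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1
THRESHOLD = 4  # 3 exchange signers + 1 custodian, as in the article

# Real 4-byte selector of ERC-20 transfer(address,uint256): the only call the
# toy policy below lets through for a cold-to-hot wallet top-up.
ERC20_TRANSFER = bytes.fromhex("a9059cbb")


@dataclass(frozen=True)
class SafeTx:
    to: str          # target contract (constructed placeholder strings below)
    value: int       # native value
    data: bytes      # calldata
    operation: int   # CALL or DELEGATECALL
    nonce: int


def tx_digest(tx: SafeTx) -> bytes:
    """Digest the signers commit to. Assumption: sha3_256 and a length-prefixed
    field encoding stand in for a real wallet's keccak256/EIP-712 hash. The
    property shown is the same: every field is bound, so one signature covers
    exactly one payload."""
    h = hashlib.sha3_256()
    for field in (tx.to.lower().encode(), tx.value.to_bytes(32, "big"), tx.data,
                  bytes([tx.operation]), tx.nonce.to_bytes(32, "big")):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()


class Signer:
    """Toy signer: HMAC over the digest stands in for secp256k1 ECDSA (assumption)."""

    def __init__(self, name: str):
        self.name = name
        self._key = os.urandom(32)

    def sign(self, digest: bytes) -> bytes:
        return hmac.new(self._key, digest, hashlib.sha256).digest()

    def verify(self, digest: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(self.sign(digest), sig)


def check_before_signing(intended: SafeTx, presented_digest: bytes) -> tuple[bool, str]:
    """What a signing device should do: rebuild the digest from raw fields it
    decodes itself and apply a policy, instead of signing whatever digest the
    signing front end displays."""
    if tx_digest(intended) != presented_digest:
        return False, "digest does not match the intended transaction"
    if intended.operation == DELEGATECALL:
        return False, "delegatecall runs foreign code in the wallet's own storage context"
    if len(intended.data) >= 4 and intended.data[:4] != ERC20_TRANSFER:
        return False, f"selector {intended.data[:4].hex()} not in allow-list"
    return True, "ok"


def execute(tx: SafeTx, signers: list[Signer], sigs: dict[str, bytes]) -> bool:
    """Contract-side threshold check: count signatures valid over this tx's digest."""
    d = tx_digest(tx)
    valid = sum(1 for s in signers if s.name in sigs and s.verify(d, sigs[s.name]))
    return valid >= THRESHOLD


def scenario() -> dict:
    signers = [Signer(n) for n in ("ex1", "ex2", "ex3", "ex4", "ex5", "custodian")]
    # Constructed: what the operators believe they approve, a 1,000-token transfer.
    intended = SafeTx(to="0xTokenContract", value=0,
                      data=ERC20_TRANSFER + b"\x00" * 12 + b"\x11" * 20 + (1000).to_bytes(32, "big"),
                      operation=CALL, nonce=42)
    # Constructed, assumed shape of an upgrade payload: a delegatecall into
    # attacker-controlled code that can rewrite the wallet's implementation pointer.
    malicious = SafeTx(to="0xAttackerImplementation", value=0, data=bytes.fromhex("deadbeef"),
                       operation=DELEGATECALL, nonce=42)
    presented = tx_digest(malicious)  # what the compromised front end shows as "the" hash

    blind = {s.name: s.sign(presented) for s in signers[:4]}   # sign whatever is shown
    checked = {}
    for s in signers[:4]:                                      # recompute and apply policy
        ok, _ = check_before_signing(intended, presented)
        if ok:
            checked[s.name] = s.sign(presented)
    return {
        "blind_signing_executes_malicious": execute(malicious, signers, blind),
        "blind_sigs_reusable_for_intended": execute(intended, signers, blind),
        "checked_signing_executes_malicious": execute(malicious, signers, checked),
        "check_reason": check_before_signing(intended, presented)[1],
    }


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k}: {v}")
```

Run as-is, the blind signers produce four valid signatures over the upgrade payload and it executes, while the same signatures are worthless for the transfer they thought they approved; the signers who recompute the digest sign nothing. The policy also rejects the upgrade payload even when its digest is presented honestly, because the delegatecall check does not depend on the front end at all.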
After the hack, WazirX engaged Mandiant (now part of Google) to audit its systems; the audit found no evidence that the laptops of the key signatories had been compromised. Liminal's own audit, conducted by Grant Thornton, likewise reported no breach of Liminal's systems. Neither audit reported a compromise of its client's systems, which leaves open the question of how the attacker bypassed the security controls and obtained the required signatures. Note that "no evidence of compromised laptops" is a narrower finding than "no compromise": it says nothing, for instance, about the integrity of the signing front end the signatories were using.
The account argues that the complexity of the hack, together with the timing of the failed and the successful transactions, strongly suggests insider involvement. The attacker showed a detailed understanding of WazirX's internal operations, including its transaction data, signatures, and cold wallet structure, and the account holds that an attack executed this smoothly against the exchange's stated security measures points to collusion from inside.
The account also faults the decision to concentrate 45% of user funds in a single cold wallet as poor fund management and internal negligence on WazirX's part, and argues that the WazirX team's repeated signing of transactions despite visible errors points to either incompetence or deliberate sabotage. From a security-engineering standpoint, repeated unexplained failures of a signing ceremony are precisely the point at which to stop and independently verify what is being signed rather than to sign again.
The WazirX incident underlines how much cryptocurrency exchanges depend on stringent security controls and on transparency with their users. Customers should stay vigilant and demand accountability from the platforms holding their funds if similar incidents are to be prevented.