WazirX Planning on Reversing User Trades to Reflect Balances Before $235 Million Hack

Indian cryptocurrency exchange WazirX is planning on reversing all transactions on its platform to get account balances to reflect the amounts they did on July 18. The platform experienced a $235 million exploit on that day as North Korean hackers ransacked its Ethereum-based multisig cold wallet.

With that, all affected user accounts will receive the amounts the bad actors stole. In an announcement on August 8, the exchange stated, “After careful consideration of the situation and the feedback received from numerous users, we are constrained to restore the balances of all accounts and undo all trades carried out on the WazirX platform following the stoppage of withdrawals on 18 July 2024, 1 PM IST.”

WazirX will execute this process in the “next few days,” with the exchange set to notify users whose trades will be reversed. It further stated, “This decision has not been made lightly and aims to protect the integrity of our platform and facilitate an equitable outcome for users following the abnormality arising as a result of the cyberattack which occurred on 18 July 2024.”

As the exchange takes action to rectify the situation for its users, it is important to note the gravity of the exploit. WazirX lost 45% of its assets under management (AUM) because of the attack, as the hackers drained at least $100 million in SHIB, over $50 million in ETH, and about $80 million in other assets like USDT, MATIC, and more. This hack is the second biggest this year, followed by the one experienced by the Japanese exchange DMM Bitcoin. It had over 4,500 bitcoins worth $305 million stolen due to a private key compromise.

WazirX’s woes resulted from its multi-sig wallet being compromised. It was managed alongside the digital asset custodian Liminal, which held one of the keys to the wallet, with the WazirX team holding five others. Hackers manipulated Liminal’s interface used by WazirX employees overseeing transactions from its cold wallet used.

Three keys from WazirX’s team thus signed a malicious transaction masked to look real. Liminal, too, thought the transaction was legitimate and signed it. The custodian is responsible for approving transfers to whitelisted wallets. The attackers led everyone involved with approving the transaction to believe it was being routed to a trusted wallet address.