As someone who has been closely following the cryptocurrency scene for several years now, I find myself deeply concerned about the current situation unfolding with WazirX. Having seen both successes and failures within this space, I can’t help but feel a sense of frustration seeing users’ hard-earned funds locked away without any clear path towards recovery.
Account holders affected by the WazirX hack share their personal experiences, highlighting the genuine impact of the incident. Meanwhile, industry specialists express doubts about whether the platform’s recovery measures will adequately rebuild trust.
Table of Contents
The beginning of the crisis
On July 18th, the extensive Indian cryptocurrency community experienced a significant jolt as WazirX, the nation’s leading cryptocurrency exchange, fell prey to a large-scale cyber attack.
Reportedly, it’s said that the notorious Lazarus Group from North Korea executed an attack leading to a massive depletion of approximately $235 million in cryptocurrency holdings.
The hackers initially stole 15,298 Ethereum (ETH) before swapping various tokens, including Shiba Inu (SHIB), Polygon (MATIC), and Pepe Coin (PEPE), ultimately amassing 59,097 ETH in total.
Due to this significant issue, WazirX struggled to keep their assets’ collateral at a 1:1 ratio, which could have led to instability within the platform.
To control the situation, WazirX momentarily halted all withdrawals, whether for Indian Rupees or cryptocurrencies. Regrettably, this swift action worsened the problem, making it difficult for users to retrieve their funds, even in urgent situations.
Over forty-five days have elapsed, and yet, the withdrawal process continues to be delayed. In the meantime, social media platforms are buzzing with disgruntled users who feel neglected due to this situation.
It appears that WazirX hasn’t offered significant information regarding their recovery efforts, and it seems like they are discussing the issue more than actually taking action. This lack of action has left users uncertain about whether or not they will be able to retrieve their assets, as they remain in the dark about any potential timeline for recovery.
Let’s examine the present circumstances more closely, identify user frustrations, and assess where we currently stand, roughly two months into this challenging period.
A series of missteps
After the severe data breach on July 18, WazirX’s response to the incident seemed to be a chain of errors, further eroding the trust of its users.
July 18: the blame game begins
On the very same day following the hack, WazirX tried to shift blame towards their digital custodian partner, Liminal.
As a researcher delving into the intricacies of digital currency transactions, I recently came across a statement by WazirX on platform X, suggesting an association between the recent exploit and a discrepancy in a multisignature wallet that utilized Liminal’s custodial services.
At WazirX, prioritizing transparency and community well-being is our top priority. Unfortunately, we experienced a cyber attack on one of our multi-signature wallets. Here are some initial findings to help explain the situation:
— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 18, 2024
The company indicated that the information shown on Liminal’s interface didn’t align with the true details of the transaction, implying that the problem likely originated from Liminal.
On the contrary, Liminal promptly refuted any blame, stating instead that their infrastructure remained secure. In a comprehensive blog post, they emphasized that all wallets, including WazirX’s, were unharmfully protected.
Liminal indicated that the attack was complex, utilizing harmful software on three of WazirX’s devices, each aimed at a particular Gnosis Smart Contract Multi-Sig wallet (the details about the wallet remained undisclosed). In doing so, the custody firm avoided any liability, instead directing the blame back towards WazirX.
Following the aftermath of the incident, various cryptosecurity companies started expressing their opinions on possible causes behind the hack. Prior to the attack, TruthLabs flagged potential issues with WazirX’s security measures, suggesting there might have been pre-existing weaknesses that could have facilitated the breach.
A thread revealing questionable practices and potential security flaws by WazirXIndia, which may have resulted in their customers losing approximately $230 million worth of assets. Here’s the breakdown:
— TruthLabs 🫡 (@BoringSleuth) August 1, 2024
WazirX maintains that all the allegations are unfounded, stressing that they adhere to top-tier industry standards and utilize a system where several individuals hold the keys for their multi-signature wallets.
July 27: the socialized losses controversy
On July 27th, WazirX made a highly debated decision by proposing a “shared loss” initiative.
The exchange proposed that users would only be able to access 55% of their assets, while the remaining 45% would be locked as USDT-equivalent tokens. Two recovery options were presented to users:
- Option A allowed users to access 55% of their assets for trading, with priority for recovery proceeds.
- Option B permitted staggered withdrawals of the 55% but gave lower recovery priority.
The initial proposal for this plan, presented as a means to share losses equitably, faced strong criticism from users almost immediately. Many users perceived the idea as unjust, believing that WazirX aimed to transfer the consequences of the hack onto its users, thereby undermining the confidence in the platform even further.
Why is it suggested to share this strategy with others?
Investing in a coin and subsequently losing money due to hacking is a risk the investors took on willingly.
But why should those who managed to keep their assets safe be responsible for compensating them?
Those whose assets were not affected by the hack should have access to a full withdrawal.
— Kalpit Veerwal (@kalpitveerwal) July 27, 2024
As a crypto investor, I find myself questioning the fairness of the current situation. Since my funds have been stolen, it seems unfair that I should bear the entire loss. If your exchange is generating profits, shouldn’t those profits be redistributed among all investors?
— Indian (@Resourc12710791) July 27, 2024
Swiftly, the commotion arose, necessitating WazirX co-founder, Nischal Shetty, to explain that the survey wasn’t legally obligatory but merely intended for gathering opinions. (Maintaining the original structure and meaning while using more natural, conversational language)
Taking this poll helps us gauge your viewpoints initially.
— Nischal (Shardeum) 🔼 (@NischalShetty) July 29, 2024
August 14: ending the custody partnership with Liminal
Over the course of several weeks, there were back-and-forth exchanges of accusations between parties, with WazirX working to restore its reputation. On August 14, the exchange disclosed that it was ending its collaboration with Liminal Custody. According to WazirX, this move was made in an effort to bolster security by transferring the remaining assets to new multi-signature wallets.
In response to the situation, WazirX brought on Mandiant, a Google-owned cybersecurity firm, to perform a detailed investigation into the affected computers. Per WazirX, this report showed no signs of misconduct on their part, which has only added fuel to the growing disagreement between the two companies.
Liminal accused WazirX of swiftly pinning blame on their laptops following the event without any solid evidence. Instead, WazirX opted to engage Mandiant, a renowned forensic team owned by Google, for an in-depth examination of all three laptops implicated in the incident.
— Nischal (Shardeum) 🔼 (@NischalShetty) August 19, 2024
On the contrary, recent findings from Liminal present a contrasting scenario. An in-house probe by Liminal, corroborated by an external review by Grant Thornton, uncovered no indications of system breaches within their network.
In this blog post, we’re reassuring you that the audit found our platform, including both the frontend and backend as well as the user interface (UI), to be secure. Rest assured, Liminal’s self-custody wallet services, which keep your private keys safe with you, are not susceptible to the kind of breach experienced by WazirX.
Since then, Liminal has made clear that no assertions linking the vulnerability to their services are backed up, and they continue to believe that the security breach was caused by problems within WazirX’s own infrastructure.
To summarize, findings from both parties suggest that an external cause initiated the security breach. Yet, it’s unclear precisely where the vulnerability leading to the intrusion was located.
WazirX’s dubious withdrawal strategy
With the ongoing turmoil surrounding WazirX, users faced yet another setback as the platform announced stricter withdrawal policies. This only intensified the disappointment within the user community.
On August 23rd, WazirX decided to lift the hold on Indian Rupee (INR) withdrawals as a way to please their users. But, there was a condition attached.
Although the platform assured the safety of INR balances, it revealed that just two-thirds of user’s Indian Rupee funds could be withdrawn immediately. The remaining amount is currently unavailable for withdrawal as a result of ongoing legal disputes and investigations being conducted by law enforcement agencies.
As a crypto investor, I found myself in a situation where my account balance was subject to phased withdrawals from August 26th to September 8th. The good news was that the rest of my funds would be accessible by mid-September.
It became apparent during the discussion that Zanmai Labs, which oversees Indian Rupee (INR) activities, was not under investigation. However, a concerning point was that 34% of user balances have been frozen indefinitely, and there is no set date for their release at this time.
During a digital gathering held on September 2nd, both WazirX and the financial consultancy firm Kroll disclosed their intention to apply for a halt in court proceedings within the Singaporean judicial system, which added to existing concerns.
This move would temporarily shield WazirX from legal action while it attempted to restructure its liabilities, but it came at a steep cost — users would be unable to withdraw their crypto for at least six more months.
The legal protection, WazirX claimed, was the fastest way to work on a plan to recover funds. However, during the town hall, users were warned that a full recovery of their crypto assets was highly unlikely.
Indeed, George Gwee, the director at Kroll, indicated that customers might potentially stand to lose around 43% of their holdings. At best, users may be able to recover approximately 55% to 57% of their deposits—a rather grim outlook for those aiming to regain their investments.
The untold stories of WazirX’s users
As a result of the WazirX hack, numerous users find themselves in a difficult situation, unable to access or retrieve their funds due to an unclear route for recovery.
crypto.news contacted various affected individuals who willingly shared their individual stories, annoyances, and the disastrous consequences these events have had on their financial situations.
Among the compelling tales, there’s one from Sana Afreen, the Director of Partnerships at Rizzle, who has openly shared her predicament. Afreen is one of numerous users whose substantial assets are entangled in the turmoil. In an interview with crypto.news, she expressed her exasperation.
Speaking as one who has over $30,000 locked in cryptocurrency assets, I unequivocally assert that this is a flagrant violation of customer trust. The way WazirX has managed this situation has been nothing less than catastrophic. Their continuous passing of blame, delayed reactions, and freezing of funds have only intensified the worry and irritation for users like me, who relied on their platform with substantial investments. While they communicate with the community, their approach lacks transparency. Rather than tackling the issue directly, they seem to be shifting responsibility repeatedly.
Afreen didn’t mince words while talking about the latest choice to transfer the case to Singapore. To her, this shift further increased the distrust.
It seems as though WazirX’s decision to transfer operations to Singapore could be viewed as an attempt to sidestep responsibilities under Indian laws. Though they might justify it as a strategic move, this action stirs up significant doubts about their dedication towards their Indian clientele. It is disheartening to observe that they appear to use the funds of their users to offset the losses from the hack, rather than dipping into their own earnings. This raises considerable questions regarding their financial management practices, both ethically and operationally. They are opting to shoulder the loss by reducing the worth of their users’ assets. This is not just unfair but also indicates a lack of accountability.
Afreen also highlighted how this situation has left her and others in serious financial distress. The uncertainty of recovery has weighed heavily on users who trusted the platform. She explained:
The latest announcement indicating that users may only partially regain their cryptocurrency holdings is deeply concerning. It implies that WazirX may not be prepared or willing to fully assume liability for the security breach. Rather than utilizing their own earnings, which they’ve benefited from thanks to us, the users, they are opting to shift the burden onto us. This issue transcends monetary value; it involves trust, responsibility, and ethical conduct. WazirX should spearhead resolving this predicament by using their profits to compensate for the losses. Anything short of that would be an injustice to the crypto community.
A different individual, opting for anonymity, disclosed a distressing encounter with crypto.news. While Afreen openly expresses her sentiments, this person chose a less prominent platform to voice their feelings, yet they shared the same intensity of frustration and hopelessness.
I’ve got around 15 hundred thousand rupees (approximately $18,000) locked up on WazirX, and the past few months have been nothing short of a nightmare. When the hack initially occurred, I was optimistic that swift action would be taken, but as weeks turned into months, it became clear that WazirX prioritized protecting their image over assisting their users. The move to freeze our cryptocurrency, and shifting the case to Singapore – it all feels like a carefully planned strategy aimed at buying them time while we endure.
The user then voiced their disapproval towards WazirX for its insufficient clarity and dialogue, echoing the same apprehensions as Afreen.
Each time a statement is released, it seems more like an attempt to soothe us rather than provide substantial responses. We’re left with fragments of information, but nothing solid or definitive. The idea that we might recover just half of our initial investment is downright chilling.
For this individual, it wasn’t merely the financial loss that was distressing, but also the feeling of having relinquished control.
As an analyst reflecting on a past experience, I’ve found myself in some prosperous positions before a hack occurred. Now, I observe the very same digital assets surging, yet find myself powerless to act. This impotence is disheartening – knowing my funds are trapped, immovable. The feeling of helplessness intensifies with each passing moment as I come to terms with my situation, realizing I’m in their hands. The prospect of recovering merely half of what I lost is almost unbearable. It leaves a deep, unsettling sensation that makes me question whether I’ll ever place faith in another exchange again.
Simultaneously on various social media platforms, people are expressing their sorrow in deeply emotional posts, demonstrating the widespread impact of this catastrophe.
Some individuals express worry about their wellbeing, explaining that the current circumstances have exacerbated their stress levels, leading to complications with managing debts and causing their thoughts to become more pessimistic.
Due to my poor health condition and the ongoing monthly loan payments, it’s becoming increasingly difficult for me to keep living, let alone manage expenses, especially with Wazirx adding to the burden. How am I supposed to meet these financial obligations when I’m struggling just to stay alive? These thoughts of death are constant…
— Mohammed Ahmed (@Mohamme20211813) August 31, 2024
People find themselves overwhelmed and powerless as they grapple with the situation, yearning for support that seems absent. The cries for help from those affected become more insistent by the day, urging for an immediate solution to avoid further complications.
Expert opinions: the fallout from WazirX’s missteps
The WazirX hack has sparked doubts among the cryptocurrency community and industry experts about the exchange’s handling of the situation and its level of openness. (Paraphrased)
In an exclusive conversation with crypto.news, Suraj Sharma, the Global Head of Public Policy & Government Affairs at BitBNS and Onramp.money, underscored the damaging effect on the exchange’s reputation due to inadequate communication.
After the hack, WazirX’s actions have sparked questions about transparency. The freezing of Indian Rupee (INR) funds for users not directly affected and the slow communication have severely damaged customer trust. A more transparent approach—detailing timelines and measures being taken to secure user assets—could have eased many doubts. What’s troubling is that WazirX appeared to lack a crisis management plan.
Speaking on WazirX’s choice to take legal matters to Singapore, Sharma emphasized the strategic reasons for this action while cautioning about potential consequences for Indian users.
Since Zettai, the main corporation, is based in Singapore, it’s plausible that this choice was made to minimize various liabilities. However, some might view this as an attempt to avoid Indian regulatory supervision. Adding to this, the relocation of co-founder Shetty to Dubai doesn’t present a reassuring image of a company dedicated to its Indian customer base. I’ve had discussions with several law enforcement personnel who have voiced significant apprehensions about this transition, as it essentially strips Indian authorities of their ability to secure funds in the event of seizure.
For those users who have their funds locked, the situation seems very bleak. Sharmas advice suggests that any potential recovery may take an extended period, and even if it happens, it’s possible that they won’t get back all of their money.
Users who have substantial assets tied up on the platform may experience a prolonged resolution period due to Singapore’s restructuring efforts. Indian users might seek legal recourse through the court system, but lengthy litigation could intensify their existing financial difficulties. A class-action lawsuit could provide users with a unified front to challenge WazirX, but achieving a swift resolution appears doubtful.
Another member of the Indian cryptocurrency sector, preferring to stay unnamed, echoed similar worries. They were critical of WazirX’s lack of transparency, pointing out how the exchange’s actions have significantly undermined customers’ trust. Regarding the move to Singapore for resolution, this expert anonymously commented:
Moving to Singapore might be driven by the prospect of a friendlier legal system and smoother operations, yet it stirs worries about WazirX’s dedication to their Indian user base. It seems like an effort to evade Indian law obligations, potentially placing users in an even more exposed situation.
As a researcher examining the subject at hand, I must admit that the outlook for those directly impacted appears tentative, offering limited prospects for a complete restoration.
The situation for users appears grim. While WazirX is attempting to restore the funds, there’s no assurance they’ll recover everything. Users might want to consider pursuing legal avenues, but be prepared for a time-consuming process. Given that WazirX seems unresponsive in providing substantial solutions, users may need to turn to online communities for advice and assistance instead.
As an analyst, I can’t help but echo the consensus reached by my peers: the WazirX hack serves as a stark reminder for the Indian crypto industry. The exchange seems to have faltered in its communication efforts, and its questionable legal strategies have raised eyebrows. Moreover, the mounting discontent among users signifies a more profound issue at hand – one that necessitates not only regulatory action but also internal restructuring within the industry.
Legal troubles brewing for WazirX
In the wake of the July hack, WazirX is encountering growing legal difficulties. Displeased Indian users, due to the freezing of their assets and WazirX’s contentious move to transfer legal action to Singapore, are demanding fair treatment.
Crypto.news had an exclusive interview with Siddhant Pandey, Managing Partner at Is It Legal Sid, a person who has been approached by numerous individuals seeking guidance on navigating the intricacies of their legal choices due to issues they’ve faced.
Pandey pointed out that a company’s effort to transfer legal disputes overseas doesn’t eliminate the right of Indian users to take legal action within the Indian court system.
In summary, my legal perspective is that all users are Indian consumers. Some companies try to make users agree to arbitration in a foreign court as a way to avoid legal disputes in India. However, these tactics do not remove the authority of Indian consumer courts. Indian users should challenge and reject any proceedings that take place outside of India.
Pandey helps his clients navigate the process of resolving their consumer issues within India, with a focus on escalating cases to the National Consumer Disputes Redressal Commission (NCDRC), a body that specializes in resolving significant consumer conflicts.
“The most effective route is the NCDRC, but complainants need to meet the pecuniary jurisdiction of ₹10 crore (about $1.2 million). That’s the threshold to get your case heard there.”
While the specific count of those filing complaints is kept private, Pandey affirmed that there are sufficient individuals looking to take legal action, which surpasses the limit required for the National Consumer Disputes Redressal Commission (NCDRC) to handle their cases.
Under growing legal scrutiny from impacted users, the platform might soon encounter the full extent of Indian consumer protection regulations. If these initiatives gain momentum, WazirX could be compelled to tackle the grievances of its Indian customers within local courts, which might establish a precedent for how cryptocurrency exchanges are held responsible in India in the future.
Read More
Sorry. No data so far.
2024-09-10 16:08