As someone who has spent years navigating the complex and often unpredictable world of cryptocurrencies, I must say that the WazirX hack case is one of the most distressing incidents I’ve encountered. Having seen the transformative power of blockchain technology and its potential to democratize finance, it’s heartbreaking to witness a platform designed for exactly that purpose causing so much pain and anguish to its users.
Is it possible that fresh accusations against WazirX could shed light on the truth behind the July hack, or are disgruntled users merely fanning baseless conspiracy theories?
Table of Contents
WazirX under the radar “again”
On July 18th, India’s crypto community experienced a significant shock when WazirX, the nation’s largest cryptocurrency exchange, disclosed a devastating cyberattack. Over $235 million (approximately ₹2,000 crore) was drained from a single wallet, with initial speculation linking the hack to the infamous Lazarus Group, a cybercrime organization believed to be based in North Korea.
Initially, the incident was believed to be an external attack, but recently, a group of WazirX users, known as “Justice for WazirX Users,” have suggested on Twitter that it could potentially be an internal matter rather than an international cyberattack.
As an analyst, I find it compelling to believe that the WazirX hack was indeed a real event. Let me explain my reasoning through a series of observations:
— Justice for WazirX Users (@IndiasCrypto) November 26, 2024
The evidence supporting their assertions comes in the form of an extensive chronology of occurrences preceding the hack, which paints a picture of a platform under immense financial pressure, subjected to investigations by regulatory bodies, and overwhelmed by internal disorder. They suggest that the sequence of events leading up to the security breach appears too unlikely to dismiss casually.
Is it plausible that this was an internal affair, or could the mounting doubts be stemming from disappointment and a heightened sense of mistrust? By scrutinizing all aspects, we’ll discover if there’s any clarity to be found.
The dominoes leading to the hack
Based on a popular discussion on Twitter, it appears that WazirX’s difficulties didn’t first arise due to the hack; instead, they can be traced back to February 2022, when the Indian government introduced a 30% tax on cryptocurrency earnings.
As a result of this policy, WazirX experienced a dramatic drop in their daily earnings during the night. Previously bustling with activity, the cryptocurrency exchange found itself facing a decline in user engagement and diminishing profits – an unsettling development for any business operating in the fast-paced and fiercely competitive crypto market.
In the span of two months, starting from February 2022, WazirX’s co-founders, Nischal Shetty and Siddharth Menon, made a permanent move to reside in Dubai by April 2022.
Due to the growing attention on the cryptocurrency sector in India, their exit raised some awkward queries: was it a calculated maneuver to evade regulatory stress, or merely a common action misinterpreted by the public?
In August 2022, things went downhill for WazirX when India’s Enforcement Directorate seized approximately $8 million of their assets, accusing them of money laundering activities. However, WazirX has refuted these claims. Regardless, the raid significantly damaged the exchange’s image and imposed a great deal of operational stress.
In January 2023, difficulties intensified as Binance, a significant player in the global cryptocurrency market and previously associated with WazirX, decided to end their partnership. Binance cited disagreements over management, insisting on the transfer of funds, which ultimately led to the disconnection of a vital source of support.
By January 2024, the situation became more intricate as India enacted a ban on Binance, prompting numerous Indian users to move their funds to WazirX, significantly increasing its financial holdings to substantial amounts.
Approximately $2,000 crores were accumulated in a single account during the transaction, while another 2,500 crores were dispersed among 250,000 smaller accounts. This massive concentration of funds in one location raised concerns for some due to the potential risks associated with centralizing such a substantial amount.
In July 2024, a hack targeted a specific digital wallet, depleting its $235 million balance. This prompted many to question the decision behind concentrating such a large sum in a potentially risky spot. Why, they wondered, did WazirX keep so much money in a single, exposed location?
Was this sheer negligence — or something far more calculated, perhaps even a staged hack?
A web of allegations and discrepancies
The complications arising from the WazirX hack have become increasingly tangled, as more accusations and inconsistencies in finances keep surfacing daily.
In September, the YouTube channel Crypto India thoroughly examined WazirX’s second affidavit and financial records, revealing significant concerns about the platform’s operational transparency that had been causing increasing annoyance among users.
One significant disclosure from WazirX’s affidavit is their application for a moratorium in Singapore, which aimed to restructure their obligations following the hack. Originally, the platform stated that the total value of funds during the hack was $570 million, with $234 million being stolen, representing a theft rate of 42%. However, this figure has since been revised to $546 million, indicating that approximately 45% of the funds were taken.
— Mystery of Crypto (@Mysteryofcrypt) September 25, 2024
The discrepancy arises from WazirX initially including INR balances managed by Zanmai Labs, its Indian entity, in the books of Zettai, its Singapore-based arm, highlighting weak internal controls, further eroding user confidence.
To add to that, out of a total of 4.2 million users, only 431 showed support for the moratorium, which equates to an incredibly small percentage (0.01%) of the user base. In terms of financial impact, these supporters have liabilities amounting to $9.2 million, significantly less than the required threshold ($410 million) needed for the moratorium’s approval.
The uncertainty surrounding WazirX’s financial reports is further fueled by a significant revision. The picture grows even more puzzling when examining these financial statements. According to Zettai, revenues were reported at $108 million in 2022 and $12 million in 2023; however, the spending patterns raise red flags.
Approximately 79% of the company’s 2022 earnings, totaling around $79 million, went towards sales and marketing, without specifying how or where this money was allocated. An additional $15 million was categorized as administrative expenses, but the details behind these figures remain unclear.
It’s particularly concerning that liabilities totaling $23 million were classified as “Others,” which makes up almost all (99%) of the total liabilities. This vague categorization in financial reports could be a significant warning sign, hinting at possible attempts to obscure or hide information.
The controversy has spilled over into legal action, with rival platform CoinSwitch filing a lawsuit against WazirX in September to recover funds allegedly trapped on the platform after the hack.
🚨It’s important to review the affidavit submitted by CoinSwitch, which alleges that Zettai is trying to hide misbehavior and possibly fraudulent spending by its representatives.
— Justice for WazirX Users (@IndiasCrypto) September 23, 2024
According to CoinSwitch, a previous collaborator of Zanmai Labs, there’s been a lack of transparency from WazirX regarding whether their tokens were safely kept in protected wallets or if these wallets were breached during a security incident.
Although WazirX claims that its infrastructure remains secure, the lack of published audit reports and comprehensive incident analyses casts a shadow of uncertainty over the events, leaving users questioning if their remaining funds are genuinely secure.
WazirX’s plan to refund users
In response to mounting concerns and ongoing queries after the July cyberattack, WazirX has proposed a detailed strategy for reimbursing affected parties. This strategy aims at eventual compensation, but it’s subject to terms under which users may experience an immediate financial setback.
At the heart of this initiative is the debut of a “rebalancing tool,” now operational on our system, designed to determine precisely what each lender is owed. Unfortunately, users are currently facing a 48% reduction in their investments – a setback that WazirX assures will be progressively resolved over time.
At the fourth company meeting on November 6th, WazirX disclosed information about their payment strategy. Their intention is to address approximately 52% of all outstanding debts using the funds they currently possess.
The allocation will be made according to each user’s share, which means that every user will get a portion of what they are entitled to, depending on the scale of their claims.
To handle the 48% of liabilities that can’t be paid off right away, WazirX plans to distribute Recovery Tokens to the creditors. Each token will stand in as a placeholder, equivalent to $1, for the unpaid funds.
These tokens could potentially be redeemed in the future, as long as WazirX resumes its activities and starts earning profit again.
To reach this goal, the exchange has proposed a comprehensive plan with several approaches. This involves introducing new commercial projects and enhancing trading volume.
The CEO of WazirX, Nischal Shetty, has suggested they are considering the creation of a decentralized exchange, with his optimism that it might grow to be India’s leading platform in just one year.
Beyond just the Decentralized Exchange (DEX), WazirX also intends to restart activities on its centralized platform, hoping for an increase in trading activity due to the ongoing bull market. This surge in trading is expected to boost their earnings.
Arrests, allegations, and unanswered questions
Last October, the Delhi High Court listened to a complaint lodged by investor Jaivir Bains, who claimed that WazirX combined funds from both hacked and secure accounts in an attempt to offset losses. This method, allegedly, impacted investors who were not involved in the breach.
In the argument made by the petitioner’s lawyer, it was stated that these actions were in breach of both the exchange’s terms of service and regulatory guidelines. The lawyer suggested that a thorough investigation should be conducted by the Financial Intelligence Unit (FIU) and the Enforcement Directorate (ED).
As an analyst, I’ve noticed that the petition has brought forth apprehensions regarding the effectiveness of our oversight measures. It seems that questionable funds were moved to Singapore, which could make future recovery attempts more intricate.
In considering the gravity of the accusations, the court pointed out that there was not enough initial proof available to decide if the hack was instigated from outside sources or if it was a deliberate attempt to conceal evidence internally.
The decision was made that issues like combining funds and limiting withdrawals fall under the jurisdiction of civil courts for resolution, being more appropriate for such resolution. Meanwhile, the Assistant Commissioner of Police was instructed to examine the complaint thoroughly and engage regulatory bodies if any fresh proof surfaces.
In a fresh development of the ongoing incident, the Delhi Police’s Special Unit has apprehended SK Masud Alam, a citizen from West Bengal, for his alleged involvement in the recent cyber assault.
Based on the court document, it is claimed that Alam supposedly fabricated an account using the pseudonym “Souvik Mondal” and later offered this fraudulent account for sale on Telegram to a person named M. Hasan. It’s said that Hasan then employed this account to penetrate the security systems of WazirX.
Additionally, the petition alleges that state officials, such as the FIU, have not taken prompt action, possibly influenced by red tape. As the WazirX case continues to unfold, the situation becomes increasingly intricate, with substantial sums of money and public trust on the line.
A system failing its people
Despite numerous investigations, the exact details surrounding the WazirX security breach remain unclear. It’s uncertain whether the incident was a complex outside attack or an internal scheme cleverly masked as such; the truth is still elusive at this point.
Yet, this event not only shed light on potential weaknesses within cryptocurrency systems, but it also underscored some shortcomings in India’s regulatory and legal framework when dealing with such emergencies efficiently.
Ever since the data breach in July 2024, numerous users have found themselves in a state of anxiety, as many face potential bankruptcy. Social media platforms are currently flooded with emotionally charged narratives about investors who’ve lost their life savings due to this incident.
It’s been shared that some individuals are taking drastic steps due to their financial troubles, such as accumulating significant debt, having to sell possessions like houses and cars, and in heartbreaking situations, considering ending their lives.
Over almost five months since the cyber attack, it appears that Indian regulatory and law enforcement agencies have shown a reluctance to take immediate action. Notably, the Financial Intelligence Unit (FIU) and the Enforcement Directorate (ED), responsible for financial compliance and probing money laundering cases, seem to be largely inactive in this situation.
Currently, the main concerns regarding the case have moved out of India. As WazirX’s restructuring plan is being scrutinized by the Singapore High Court, crucial choices about user refunds and the platform’s direction are being decided beyond the reach of Indian law.
It’s quite ironic: users primarily from India are turning to foreign courts for justice, even though their own government seems slow in progress.
It could be quite some time – maybe months, perhaps even years – before we can definitively say whether the hack was caused by an outside attacker or someone within the system. In the meantime, the concern of the users offers a stark warning about the potential repercussions of any system’s flaws.
Read More
- Crypto VC funding roundup: Riot snags over $594m, BVNK raises $50m
- PYTH PREDICTION. PYTH cryptocurrency
- The Final ‘Gladiator II’ Trailer Has Arrived
- ‘Fast and Furious’ Star Paul Walker Remembered 11 Years After His Death
- 15 Charged for converting Drug Cartels’ Cash into Cryptocurrency in U.S.
- OREO Unveils Six New Products for 2025
- XRP Price Eyes $2 Support Level Amidst Market Correction
- TROTOAR Gallery Bridges Local and Global Art with ‘That’s What’s Up!’
- Russell T Davies Says He “Kind Of Hopes” The Streaming Bubble Will “Pop”
- IMX PREDICTION. IMX cryptocurrency
2024-11-28 22:55