WazirX co-founder preps bounty program to recover stolen funds

As a seasoned researcher with extensive experience in the cryptocurrency industry and cybersecurity, I find WazirX co-founder Nischal Shetty’s announcement of a bounty program to recover stolen funds an intriguing development. The recent hack on WazirX resulted in losses worth over $234 million, which is a significant blow for the exchange and its community.


Nischal Shetty, a co-founder of WazirX, has launched a reward initiative to assist in either retrieving or securing the funds that were taken during the exchange’s recent cyberattack.

According to a recent report from crypto.news, over $234 million in various cryptocurrencies were lost due to an exploit that was uncovered this week.

The WazirX team is actively making progress on the next steps. Here are some possible ways we’re advancing:

— Nischal (Shardeum) 🔼 (@NischalShetty) July 20, 2024

Based on a recent post on X by Shetty, I’ve learned that WazirX announced their bounty program this morning. The initial proposal put forth a total reward amount of $11.5 million for those who could help recover the stolen assets. However, the co-founder disclosed an update to this figure following engagement with crypto security investigator ZachXBT, resulting in a new and increased bounty of approximately $23 million.

The total bounty has been updated to $23M thanks @zachxbt for the suggestion 🙏

— Nischal (Shardeum) 🔼 (@NischalShetty) July 21, 2024

Shetty explained that the bounty program served as a means for the cryptocurrency exchange to seek help from the wider crypto community in their efforts to retrieve the funds lost during the cyberattack on July 18.

Based on WazirX’s blog post, the initiative encompasses two parts. The initial part is a track and freeze bounty, designed to help identify and immobilize stolen assets. The second component is a white hat recovery bounty, which awards those who aid in recovering funds a 10% share of the recovered amount as compensation.

Based on my experience working with blockchain technology and cryptocurrencies, I have come across similar situations where funds have been stolen from an exchange or a wallet. In such cases, transparency and swift action are key to recovering lost assets. One common approach I’ve seen exchanges take is publicly sharing their ERC20 wallet address for the return of the stolen funds. By doing so, they demonstrate their commitment to addressing security issues and restoring trust with their users. This proactive measure not only helps potential good-faith actors identify and return the stolen assets but also sends a strong signal that the exchange takes responsibility for its customers’ funds seriously.


As a crypto analyst, I’ve noticed that members of the X crypto community have expressed concerns regarding the slow progress in recovering the stolen funds. Some have even hypothesized about the potential cause of the breach, with many pointing fingers at the Lazarus Group.

A $10M reward holds no significance if we’re indeed dealing with Lazarus Group since they aren’t likely to surrender the funds or be apprehended and face legal consequences. In terms of the industry standard, 5% is less than the commonly accepted 10%+ threshold.

— ZachXBT (@zachxbt) July 21, 2024

Although there is hope that some of the stolen funds may be retrieved, blockchain analysis firm Arkham reports that the hacker has successfully sold off approximately $102 million in SHIB tokens from the stolen haul.

Speculation on WazirX exploit method

A WazirX user on X provided details on the potential cause of the hack, implying that Shetty and the WazirX security team may have been negligent during the incident.

I’d be happy to provide more information on the WazirX Hack incident.

— Engineer Xplains (@engineer_inside) July 21, 2024

According to reports, the user suspects that a hacker altered, without being detected, the contract that governs how transactions are processed. Allegedly, the intruder obtained signatures from three distinct keyholders during aborted transactions.

Once approval had been obtained with those signatures, a trial transaction was initiated, which allowed larger, unauthorized transfers to be executed later.

Shetty rejected the accusations, maintaining that Liminal’s safety protocols verify each transaction and approve only whitelisted addresses for signing. He added that Liminal processes only transactions initiated within its own platform and disregards external initiators and their signatures.

The WazirX co-founder is currently waiting for a comprehensive report from Liminal regarding the incident, while a thorough forensic examination of the three WazirX devices implicated in the event is carried out.


2024-07-21 21:50