2024 WazirX hack

2024 WazirX hack
DateJuly 18, 2024
TypeCyberattack; cryptocurrency theft
TargetWazirX
OutcomeApprox. US$230–235 million stolen; withdrawals and trading suspended
SuspectsAttributed to the Lazarus Group

On 18 July, 2024, WazirX, an Indian cryptocurrency exchange, reported a cyberattack in which approximately US$230 million (around ₹2,000 crore) in digital assets were stolen from a multisignature wallet used under a third-party custody arrangement with Liminal Custody.[1][2] Global analysis later linked the attack to the Lazarus Group, a North Korea–associated threat actor targeting crypto infrastructures worldwide.[3]

Background

WazirX is an Indian cryptocurrency exchange founded in 2018 which allows users to buy, sell, and trade cryptocurrencies such as Bitcoin (BTC), Ethereum (ETH), XRP, and other popular digital assets.[4]

In July 2024, Indian cryptocurrency exchange WazirX experienced a large-scale cyberattack resulting in the theft of approximately $230 million (₹2,000 crore) in digital assets from a multisignature wallet maintained through a third-party custody arrangement. This wallet was accessible via WazirX’s custody partner Liminal Custody.[5]

Aftermath

After discovering the breach on 18 July 2024, WazirX publicly disclosed the incident. WazirX halted all cryptocurrency and INR withdrawals on 18 July 2024 and paused trading on 21 July 2024. User balances were restored to their state as of 18 July 2024 (1:00 PM IST), effectively undoing trades made between the hack and the trading halt. A First Information Report (FIR) was filed with the Special Cell in New Delhi. One individual, SK Masud Alam, was arrested for opening a "mule" account (under the alias Souvik Mondal) that facilitated the hack.[6][7]

WazirX terminated its custody agreement with Liminal, and began moving assets to other secure institutional partners. Over ensuing months, WazirX reported the incident to international and domestic cybercrime agencies, focused on asset recovery, legal restructuring, and planning for an eventual platform restart.[8][9][10]

Forensic findings

According to a report by Mandiant dated 14 August, WazirX’s cyberattack originated from Liminal Custody which was a Singapore-based security partner of the crypto exchange.[11]

According to WazirX, the attack did not affect the exchange’s hot wallets or primary trading platform infrastructure and was confined to the externally managed multisig custody environment. Liminal Custody disputed aspects of the forensic methodology and conclusions.[12]

However, investigative developments in India added further scrutiny to the custody provider’s response.  Reports related to the incident noted that the Delhi Police Intelligence Fusion and Strategic Operations (IFSO) unit alleged that Liminal failed to provide critical logs and technical data associated with the date of the breach. While responses were submitted, authorities stated that the required technical information was not fully provided.[13][14]

Singapore High Court restructuring

On 13 October 2025, the High Court of Singapore sanctioned (with modifications) a creditor-approved restructuring scheme submitted by Zettai Pte Ltd., WazirX’s Singapore-based entity, after the proposal was supported by about 95.7% of creditors by number and 94.6% by value.[15] The Scheme of Arrangement was pursued under Singapore’s Insolvency, Restructuring and Dissolution Act and included steps to restructure liabilities, pro-rata distribution of rebalanced assets (approx. 85 % of claim value), and issuance of Recovery Tokens (RTs) for potential future distributions.[16] Following the court sanction, the endorsed scheme was filed with Singapore’s Accounting and Corporate Regulatory Authority (ACRA).[17]

Platform restart

After the restructuring scheme became legally effective, WazirX restarted operations within ten business days, 24 October 2025, and returned 85% funds to users. The platform introduced a temporary 0% trading-fee offer.[18] Platform operations resumed on 24 October 2025, with the exchange migrating custody to global crypto institutional custody providers such as BitGo and implementing additional security measures.[19][20][21]

During the restructuring process, WazirX continued court proceedings and creditor engagement, including a creditor vote reported as showing high participation and renewed support for the restructuring scheme after an earlier proposal was rejected by the Singapore court.[22] The exchange later resumed operations under revised custody arrangements and implemented additional security measures, including the use of institutional custody providers such as BitGo.[23][24]

References

  1. ^ Venugopal, Sahana (3 September 2024). "WazirX Cyberattack: What is WazirX's legal status after a $230 million wallet hack?". The Hindu.
  2. ^ "WazirX cryptocurrency exchange halts withdrawals after security breach". The Indian Express. 2024-07-18. Retrieved 2024-07-31.
  3. ^ "Joint Statement on Cryptocurrency Thefts by the Democratic People's Republic of Korea and Public-Private Collaboration". United States Department of State. Retrieved 2026-02-26.
  4. ^ "WazirX trade volume and market listings". CoinMarketCap. Retrieved 2026-02-26.
  5. ^ "Indian crypto platform WazirX confirms $230 million stolen during cyberattack". therecord.media. Retrieved 2026-02-26.
  6. ^ Singh, Navdeep (2024-07-18). "WazirX temporarily suspends crypto deposits and withdrawals after $230M hack". The Economic Times. ISSN 0013-0389. Retrieved 2026-02-26.
  7. ^ Singh, Manish (2024-07-21). "WazirX halts trading after $230 million 'force majeure' loss". TechCrunch. Retrieved 2026-02-26.
  8. ^ Singh, Navdeep (2024-07-18). "WazirX temporarily suspends crypto deposits and withdrawals after $230M hack". The Economic Times. ISSN 0013-0389. Retrieved 2026-02-26.
  9. ^ Singh, Manish (2024-07-21). "WazirX halts trading after $230 million 'force majeure' loss". TechCrunch. Retrieved 2026-02-26.
  10. ^ Singh, Navdeep (2024-08-14). "WazirX ends custody deal with Liminal, begins migration of funds to new wallets after $230 million hack". The Economic Times. ISSN 0013-0389. Retrieved 2026-02-26.
  11. ^ Singh, Divyesh (2024-09-09). "Crypto firm WazirX's security partner says no evidence of cyberattack on its system". India Today. Retrieved 2026-02-26.
  12. ^ Radhika Parashar & Siddharth Suvarna (29 July 2024). "WazirX Wallet Hack: Liminal Denies Responsibility Amid Recent Allegations". Gadgets360. NDTV. Retrieved 26 February 2026.
  13. ^ "WazirX Cyberattack: Liminal Responds To Claims Of Non Cooperation; Here's What It Said". ABP Live. 2024-11-14. Retrieved 2026-02-26.
  14. ^ "Indian police arrest suspect in $230 million WazirX crypto exchange hack". therecord.media. Retrieved 2026-02-26.
  15. ^ "WazirX News: Singapore Clears Plan for Restart, Bringing Respite to Victims of $230M Hack". www.coindesk.com. Retrieved 2026-02-26.
  16. ^ "WazirX's Revival - an understated moment for India's Crypto Industry?". m.economictimes.com. Retrieved 2026-02-26.
  17. ^ "WazirX to reopen within 10 business days after Singapore High Court approval". Superex. Retrieved 2026-02-26.
  18. ^ "India's crypto exchange WazirX to resume operations on October 24 with 0% trading fees". The Times of India. 2025-10-23. ISSN 0971-8257. Retrieved 2026-02-26.
  19. ^ "WazirX resumes operations, looks to rebuild trust - The Economic Times". m.economictimes.com. Retrieved 2026-02-26.
  20. ^ Sanzgiri, Vallari (2025-03-13). "WazirX Partners with BitGo Trust to enhance security funds". BusinessLine. Retrieved 2026-02-26.
  21. ^ Sharma, Manoj (2025-11-05). "After restructuring and restarting post hack, WazirX is now rebuilding to reclaim No. 1 spot: Nischal Shetty". Fortune India. Retrieved 2026-02-26.
  22. ^ "WazirX users vote again to support restructuring scheme after Singapore court struck down the first proposal". The Hindu. 2025-08-19. Retrieved 2026-02-26.
  23. ^ V, Decrypt / Vismaya (2025-10-23). "WazirX to Resume Trading and Withdrawals More Than a Year After $234M Hack". Decrypt. Retrieved 2026-02-26.
  24. ^ "Watch: WazirX founder Nischal Shetty candid on the aftermath of 234M hack". TheStreet Crypto: Bitcoin and cryptocurrency news, advice, analysis and more. Archived from the original on 2025-12-27. Retrieved 2026-02-26.


This article is issued from Wikipedia. The text is available under Creative Commons Attribution-Share Alike 4.0 unless otherwise noted. Additional terms may apply for the media files.