WazirX halts trading following $230 million exploit, offers bounty for recovered funds
Quick Take Indian crypto exchange WazirX, following the $230 million exploit it experienced on July 18, has halted trading across its platform. The company has also announced a recovery program, offering up to 10% of the hacked total ($23 million) for recovering the funds and up to $10,000 for assistance freezing the funds. However, evidence suggests North Korea’s Lazarus Group is the attacker, and assets are very rarely recovered from the group’s hacks.
Cryptocurrency exchange WazirX WRX -2.66% has halted trading across its platform as it deals with the fallout from a recent exploit, which saw $230 million drained from its wallet as the result of a private key compromise on July 18.
"The cyber attack theft has impacted our ability to maintain 1:1 collaterals with assets, and we've temporarily paused trading," WazirX wrote in an announcement post on X. WazirX's wallets were drained of over $100 million worth of Shiba Inu SHIB -2.49% at the time, along with millions of dollars worth of MATIC -0.61% tokens, PEPE -0.96% tokens, USDT -0.046% , and GALA -2.22% tokens. The hacker, which evidence suggests may be the North Korean state-sponsored Lazarus Group, has since converted most of the siphoned assets into ether .
"We're conducting thorough forensic data examination and security audit procedures and working to enable withdrawals soon. User safety remains our top priority," the exchange wrote in its announcement post .
WazirX also announced the formation of a bounty program for assistance with tracking and freezing or returning the funds, inviting cybersecurity and blockchain experts to "join this critical mission and protect the integrity of the crypto ecosystem."
The company had originally offered 5% of the recovered funds as an incentive for assisting in their full return, but later doubled the reward to 10% following feedback from blockchain sleuth ZachXBT, according to the company's post. The company is also offering "up to $10,000 worth of USDT" for "actionable intelligence that leads to the freezing of the funds." The program will last three months, but that timeframe may be amended.
"$10M bounty means nothing if it is indeed Lazarus Group as they are not going to just hand over the funds or be located and held legally accountable. 5% is lower than 10%+ industry standard," ZachXBT wrote . ZachXBT also clarified that he himself would not be assisting in the investigation, writing , "I do not have the resources to follow a potential Lazarus group hack like this 24/7 as it requires many hours."
As ZachXBT noted, recoveries from hacks involving the Lazarus Group are incredibly rare. When $30 million was recovered in September 2022 from the infamous Lazarus Group-linked $600 million hack of Axie Infinity's Ronin Bridge, Chainalysis noted that it was the first time funds linked to North Korea's hacking group had been seized. Though not all hope is lost for WazirX; "...We’re confident it won’t be the last,” Erin Plante, senior director of investigations at Chainalysis, wrote at the time .
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
US Space Force major seeks Bitcoin advisor role
FLOKI eyes 105% gain amid bullish setup
Bitcoin hits $93,800 as Ethereum and altcoins rally
Russia to ban crypto mining in occupied Ukraine in December