WazirX, one of India’s largest cryptocurrency exchanges, faced a major attack by North Korea-linked hackers on July 18, 2024, resulting in unauthorised withdrawals of about $235 million (Rs 1,966 crore) from customers' wallets. As a result, WazirX temporarily halted all withdrawals in rupees and cryptocurrencies.
The affected wallet, managed by six signatories, including advanced security measures, was compromised due to a mismatch in transaction data.
Aftermath Of Loot
According to Coin Desk, the North Korea-linked exploiter had converted most of the loot to Ether (ETH). The exploiter now holds over 59,097 ETH worth $200 million and an additional $15 million in various alternative tokens. Significant losses in the market values of the stolen cryptocurrencies and the exchange's native token followed.
What Should Investors Do?
According to experts, investors should diversify their holdings, use offline or cold wallets to store their crypto assets, and have a clear exit strategy.
Suman Bannerjee, CIO, Hedonova says, “Investors should diversify their holdings, conduct thorough research on exchanges, stay updated with market news, and utilise secure, offline wallets to protect their assets. They should only invest what they can afford to lose and have a clear exit strategy. They should also regularly review their portfolio to mitigate risks and adapt to changes.”
Roshni Aslam, Co-Founder of GoSats, says, "The Wazir X incident emphasises the increasing risk for investors. Users need to move their crypto portfolio to cold storage to reduce risks related to online fraudulent activities and hacking. This can enhance general security measures and safeguard investors from unfortunate losses."
Can Regulations Help?
When asked if regulations could have prevented this loot, Aslam highlighted the absence of global collaborative regulations in the crypto sector.
“The Centre and RBI have advocated a robust framework for global collaborative regulations in the sector. The Crypto Bill is in the pipeline in India, but without global regulation, Indian regulators cannot be held responsible for preventing such cases," she says.
Adds Banerjee: “Stricter regulations could have prevented the WazirX incident. Implementing mandatory security protocols, regular audits, and ensuring compliance with anti-money laundering (AML) and know-your-customer (KYC) norms would enhance exchange security. Enhanced consumer protection laws and international cooperation for harmonised regulations are crucial.”
Recovery Of Lost Funds
Regarding the possibility of recovering lost funds, Aslam believes that while some crypto exchanges may offer refunds in case of theft, the process is complex with multiple layers and varies between exchanges. It is premature to speculate on the outcome, she says.
Banerjee feels the recovery of lost funds from the WazirX hack would depend on jurisdictional regulations.
“WazirX is actively pursuing recovery, but if these efforts fail, it underscores the importance of investing only what you can afford to lose,” he adds.