WazirX Hack Update: Founder Discloses New Details On Fund Recovery, Withdrawal

In the aftermath of the $230 million WazirX hack, the exchange’s founder Nischal Shetty has answered important user queries. He highlighted important updates on the platform’s recovery efforts and the reinstatement of withdrawals. The hack, which occurred through a third-party custody provider named Liminal, affected the digital assets of the exchange’s customers, but not the INR funds.

Update On WazirX Hack Fund Recovery & Withdrawal

In a series of posts on X, Nischal Shetty provided reassurances and outlined the next steps the exchange is taking to manage the fallout. He highlighted that “some options have emerged to help with the recovery which we’re exploring.” Shetty added:

“Recovery options need more time but we understand you want us to open the platform soon for withdrawal/deposit/trading. We will run a poll to help our customers decide the approach to opening up the platform. Team is working on building the poll flow so everyone can participate.”

He emphasized that despite the severity of the WazirX hack, their product platform and infrastructure remained secure. Shetty added, “P.S. INR funds are unaffected in this cyber attack. The attack was during the flow of our custody provider Liminal. WazirX product platform and infrastructure was not breached.”

Following the hack, the team has been proactive in trying to recover the stolen funds. They revealed, “The response to our Bounty Program has been strong, with 195 entries submitted so far. We invite more experts to participate — your skills and expertise are crucial in advancing our recovery efforts.”

This bounty is part of two programs launched by the exchange for on-chain investigators. It includes the track and freeze bounty, which offers up to $10,000 in Tether (USDT) for actionable intelligence that leads to the freezing of the stolen funds. In addition, the crypto exchange has offered the white hat recovery bounty. It will reward ethical hackers with up to 10% of the amount they can help recover.

Community Suggestions

In the latest update released on July 25, Shetty, updated users on the platform’s efforts to resume withdrawals. In his post, Shetty stated, “We’re working on the poll implementation. Trying to get it done and reviewed today and go live today or tomorrow.” The poll aims to gather user input on how to proceed with unlocking crypto portfolios.

In addition, Shetty emphasized the need for legal review. He stated, “We’re also checking with legal on what the duration should be and the date when we can open the platform if the poll results are positive.” He outlined the platform’s initial plan, which involves starting with a portion of users’ crypto portfolio values in locked tokens.

“While the objective is to start with a portion of everyone’s crypto portfolio value in locked tokens, we will continue to work on finding solutions to unlock those tokens as well,” the WazirX founder added.

Shetty shared several community-suggested ideas to help with unlocking tokens:

1. Recovery of stolen assets.
2. Burn tokens with exchange’s profits over time.
3. Creating new use cases for the tokens.
4. Airdrop rewards from new projects whenever available.

Also Read: Bitwise CIO Teases More Crypto ETFs After Ethereum Success, Solana & XRP Next?

Developments After The Cyber Attack

Recent developments have shown that the hacker has transferred $57 million worth of the stolen funds to two new cryptocurrency addresses. Blockchain security firm PeckShield reported that 16,350 Ether (ETH), valued over $57 million, was moved to new wallets, with the majority sent to the address “0x58d.”

The WazirX hack targeted the exchange’s multi-signature wallet, which was used for storing ETH and ERC-20 tokens. This wallet, created using Gnosis Safe, involved six signatories: five from the exchange and one from Liminal. “Three signatures of WazirX from three different devices, each using different hardware wallets, were used. All three devices were at different locations, and the links were bookmarked,” the team explained.

As the WazirX hack investigation continues, the exchange has engaged an external forensic team to conduct a thorough audit. “This will confirm whether any or all of the 3 WazirX devices were compromised. But we’re not experts at forensics, so an external forensic team will be engaged to conduct a thorough audit. This will give us better insight into whether the 3 signatures on the malicious payload were a result of a compromise or not,” the exchange stated.

Furthermore, the team revealed they are actively working with over 500 crypto exchanges to recover stolen funds due to the hack. In addition, they have also sought India’s Financial Intelligence Unit’s (FIU) help to track the lost funds. However, the exploiter has converted the majority of funds in Ethereum. They have been active of Tornado Cash, which raises concerns of ETH funds laundering.

Also Read: Bitwise CIO Teases More Crypto ETFs After Ethereum Success, Solana & XRP Next?