WazirX hack: new allegations reignite debate over inside job vs. cyberattack

On 18 July 2024, WazirX, India’s largest cryptocurrency exchange, suffered a significant breach with $235 million (₹2,000 crore) siphoned from a single wallet.

Initially blamed on the North Korean Lazarus Group, the hack raised alarms across India’s crypto sector.

Allegations from users and discrepancies in WazirX’s financial handling have led to speculations by users on X that the incident may have been an inside job.

With suspicions mounting and evidence emerging, questions persist about whether this was a cyberattack or a calculated ploy amidst financial turmoil.

Financial strain and regulatory hurdles set the stage for disaster

WazirX’s troubles began long before the July hack. In February 2022, India’s 30% crypto tax caused user activity and profits to plummet.

Two months later, founders Nischal Shetty and Siddharth Menon moved to Dubai, raising eyebrows about the exchange’s future amidst increasing scrutiny.

By August 2022, allegations of money laundering led India’s Enforcement Directorate to freeze $8 million in WazirX assets.

This marked the start of significant operational strain. In early 2023, Binance, its former partner, severed ties, creating governance gaps and cutting off vital support.

In January 2024, Binance’s ban in India forced users to consolidate funds back into WazirX, swelling reserves.

This led to a risky centralization of $235 million into a single wallet, making it an easy target—or an intentional liability, as critics suggest.

Hack exposes operational negligence or intentional foul play?

The July 2024 hack wiped out the $235 million concentrated in WazirX’s central wallet.

Critics questioned the rationale behind consolidating such a large amount in one location. Was it poor risk management or deliberate action disguised as negligence?

Further scrutiny revealed inconsistent figures regarding the stolen funds.

WazirX’s initial claim of $570 million in reserves, with $234 million stolen, was later revised to $546 million and 45% lost.

These discrepancies pointed to weak internal controls and heightened suspicions of foul play.

Allegations of financial mismanagement deepen

Financial audits have exposed troubling practices at WazirX. In 2022, the exchange spent $79 million—almost 80% of its revenue—on marketing, with no detailed breakdown.

A further $15 million in administrative costs and $23 million in vague liabilities categorized as “Others” raised red flags.

Discontent grew when WazirX proposed a moratorium in Singapore, restructuring obligations after the hack.

With only 0.01% of users supporting this plan, concerns over transparency and user trust deepened.

Adding to the drama, CoinSwitch, a rival platform, sued WazirX in September 2024 to recover funds allegedly trapped post-hack, citing inadequate wallet security.

These legal battles paint a picture of a platform mired in operational chaos.

Users face losses as WazirX launches repayment plan

Under pressure to restore confidence, WazirX unveiled a repayment scheme.

A “rebalancing calculator” now allows users to claim funds, though at a 48% loss. Recovery Tokens, representing $1 each, will serve as placeholders for outstanding balances, with repayment tied to future revenues.

WazirX plans to restart operations, including launching a decentralized exchange and revamping its centralized platform to generate revenue.

However, skeptics question whether these measures will suffice to regain user trust.

Investigations reveal potential insider involvement

The Delhi High Court and local police have begun probing claims of internal malpractice.

Allegations include merging funds from hacked and unaffected accounts, violating user agreements, and transferring stolen assets to Singapore.

Adding weight to these claims, the arrest of a suspect linked to the breach has introduced a new angle.

Investigators allege the suspect sold fake accounts used to infiltrate WazirX’s systems.

Despite this, questions remain about whether this was merely a cybercrime or an orchestrated internal operation.

A broken system leaves users in despair

For many WazirX users, the hack’s fallout has been devastating.

Stories of financial ruin abound as victims struggle with debt, lost savings, and uncertainty over recovery.

Meanwhile, India’s regulatory response has been criticized for its sluggishness, leaving users reliant on Singapore’s legal system for redress.

With millions at stake and no clear resolution in sight, the WazirX hack serves as a cautionary tale for the crypto industry.

Whether it was an inside job or a sophisticated cyberattack remains to be seen, but the consequences for user trust and platform accountability are already clear.

The post WazirX hack: new allegations reignite debate over inside job vs. cyberattack appeared first on Invezz