WazirX hack: West Bengal man arrested over $235 million cyber attack


A man from the Indian state of West Bengal has been arrested in connection with the $235 million hack on WazirX, marking the first arrest related to the cyber attack.

According to the chargesheet, the accused, SK Masud Alam, allegedly created a fake WazirX account under the name “Souvik Mondal” and then sold it via Telegram to another individual, M Hasan, who exploited the account to gain access to WazirX’s hot wallet, extracting $235 million worth of cryptocurrency before attempting to breach its cold wallet.

Details on how this account was specifically used to exploit the system, however, have not been disclosed.

Delhi Police’s Intelligence Fusion and Strategic Operations (IFSO) unit spearheaded the investigation, which revealed that the hack was not due to vulnerabilities within WazirX’s internal systems. 

The chargesheet clarified that WazirX’s security protocols, which initially came under scrutiny following the breach, held up, with no signs of internal vulnerabilities.

Throughout the investigation, WazirX reportedly cooperated fully with Delhi Police, providing key data such as Know Your Customer (KYC) records, transaction logs, and other materials. 

As part of their investigation, authorities seized three laptops used by WazirX’s authorised signatories to approve transactions on the platform.

WazirX’s assistance allowed investigators to conclude that its internal security infrastructure remained uncompromised.

In contrast, the police chargesheet criticised Liminal Custody, WazirX’s digital asset custodian, for what it termed a lack of cooperation.

Liminal, which was responsible for managing WazirX’s wallet security, allegedly failed to respond to multiple notices requesting information on the hack.

According to the chargesheet, this unresponsiveness complicated efforts to map the complete chain of events leading up to the hack.

Liminal’s role in the matter will be further scrutinised in a supplementary chargesheet as the investigation unfolds.

The blame game

WazirX initially pointed to discrepancies in the data displayed on Liminal’s interface in its post-mortem report of the incident. The exchange suggested that inconsistencies in Liminal’s platform may have contributed to the breach.

WazirX followed up with a forensic analysis conducted by Google subsidiary Mandiant Solutions, which revealed no signs of compromise on the three laptops used by the exchange for transaction signing, effectively ruling out any internal hardware issues. 

In response, Liminal engaged Grant Thornton for an independent audit, which verified that the breach had occurred outside of Liminal’s infrastructure.

Months later, Liminal issued a statement on Oct. 22, countering allegations of negligence and calling out WazirX’s alleged “disinformation campaign.” Liminal’s statement noted that the exchange still held over $175 million on its platform 75 days post-breach, despite publicly attributing the breach to the custody provider’s security.

Soon after, WazirX announced that it would be ending its partnership with Liminal, noting plans to engage a new custodian with enhanced security measures, including user fund insurance.

Recovery efforts

As part of its recovery efforts, WazirX filed for a moratorium in September under a restructuring process in Singapore, where the company’s current owner is based.

The moratorium was granted, providing the exchange with four months of immunity from legal proceedings while it reorganises.

To fast-track creditor repayment efforts, WazirX has outlined several initiatives to revitalise its trading platform, including new offerings like crypto staking, an over-the-counter desk, and futures trading. 

Additionally, the exchange plans to launch a decentralised exchange (DEX), with a portion of the revenue from these combined initiatives allocated to support creditor repayments.

The post WazirX hack: West Bengal man arrested over $235 million cyber attack appeared first on Invezz
