WazirX has initiated the second phase of its fiat currency withdrawal process earlier than expected, on Sept. 3, despite the original start date being set for Sept. 9. This decision comes as the exchange deals with the aftermath of a major security breach that saw the theft of over $230 million in user assets. CEO Nishal Shetty took to social media to share this update and reassured users that the exchange is working diligently to restore access to customer funds. At present, users have the ability to withdraw up to 66% of the total INR amount they have deposited on the platform, while the remainder will be accessible at a later date.
Consequences of the Security Breach
The security breach in July, wherein a hacker exploited a vulnerability in one of WazirX’s multisig wallets, resulted in significant losses for the exchange. This included $100 million in Shiba Inu (SHIB) and $52 million in Ethereum (ETH). Subsequently, WazirX was forced to halt its operations and embark on a restructuring process to address the issue and attempt to reimburse affected users. Legal advisors have indicated that customers are unlikely to recover the full amount of their lost funds, with estimated returns ranging between 55% and 57% of the original assets. The restructuring endeavors are geared towards managing these liabilities, however, the future remains uncertain for many impacted users.
Hacker Activity
In a parallel development, the hacker responsible for the breach has started to move the stolen Ether through the crypto mixer Tornado Cash on Sept. 2, according to data from Arkham Intelligence. This operation involved the transfer of nearly $6.5 million worth of Ether in 16 transactions on the Ethereum network. Notably, this is the first instance where the hacker’s address, containing over $155 million in various tokens, has transferred funds to Tornado Cash. The attack on WazirX is suspected to be attributed to the North Korean hacking group Lazarus, known for laundering more than $1 billion in stolen funds and being subject to international sanctions for their intricate cyber activities.
Leave a Reply