Indian police have detained a Bengal resident who is suspected of being involved in a hacker attack on the WazirX cryptocurrency exchange. The attack resulted in the theft of cryptocurrency assets worth $235 million from multiple wallets.
According to reports, hackers gained access to the WazirX system through a fake account that was sold on Telegram and then used by a third party. The exchange assisted the investigation by providing necessary equipment, customer data, and transaction logs. The Indian Cybercrime Coordination Center confirmed that the exchange’s systems were not hacked, indicating a high level of security.
The investigation revealed that hackers used fake accounts to access cryptocurrency wallets and siphoned off significant funds. The detainee admitted to being part of a group involved in the hack and acknowledged receiving a substantial reward for selling the fake WazirX account on Telegram.
However, the investigation faced challenges as third-party companies responsible for controlling digital assets did not promptly provide the required data, causing delays. Meanwhile, WazirX was embroiled in a dispute with Liminal Custody, its digital asset storage partner.
Liminal Custody accused WazirX of disseminating false information related to the hack, claiming that WazirX continued to store assets on the platform for 75 days after the breach. In response, WazirX stated that it had initiated the process of transferring remaining assets to new wallets with enhanced security measures.
Following the theft of nearly half of its reserves in the largest cryptocurrency heist in India, WazirX halted all trading activities. The company later announced a weekly strategy for resuming operations, intending to implement a fair and transparent redistribution plan to evenly distribute losses among all users, a decision that sparked criticism within the local cryptocurrency community.
The cyberattack on WazirX resulted in the theft of over 200 different cryptocurrencies. The attackers targeted a multisignature wallet, which requires multiple keys to authorize a transaction. Although the wallet was signed by five WazirX personnel and one from Liminal, the hackers managed to circumvent the security measures by exploiting a discrepancy between the Liminal interface and the actual transaction data.