In July 2024, hackers stole $230 million from WazirX, one of India's largest cryptocurrency exchanges. The exchange quickly halted all trading and operations to prevent further losses.
The attack on WazirX was a major blow to the crypto industry in India. It also highlighted the need for stronger regulations and protections for crypto assets in the country.
The stolen funds were primarily held in hot wallets, which are used for active trading. Hackers managed to steal 45% of the exchange’s reserves. After the attack, WazirX stopped all trading and operations to prevent further damage.
Investigators found that most of the stolen funds were ERC-20 tokens, which are used on the Ethereum blockchain. By September 2024, analysts had tracked $50 million of these funds moving through Tornado Cash, a tool that hackers often use to hide stolen money. The largest transfer happened on September 25, when hackers moved $10 million worth of Ethereum.
WazirX began legal and recovery efforts soon after the attack. In August 2024, the Singapore High Court gave the exchange’s parent company, Zettai Pte Ltd, four months to restructure its debts. This allowed WazirX to focus on recovering the stolen funds.
During this time, WazirX also faced legal challenges from other parties. CoinSwitch, a rival crypto exchange, sued WazirX over $9.7 million in locked funds, which included a mix of ERC-20 tokens and other assets.
Despite these challenges, WazirX announced plans in October to list 240,000 wallet addresses in court as part of its efforts to show transparency and accountability.
In a recent joint statement, the United States, Japan, and South Korea blamed North Korea's Lazarus Group for the WazirX hack. The Lazarus Group is a state-backed hacking organization that has been linked to several high-profile crypto thefts in recent years.
The stolen funds are used to fund North Korea's weapons of mass destruction and missile programs.
WazirX co-founder Nischal Shetty told users in November 2024 that the exchange plans to resume trading by February 2025. However, this depends on the success of ongoing recovery efforts and legal proceedings.
