
Day-Wise Report: WazirX Cyber Attack Incident

July 28, 2024 · November 25th, 2024 · 13 minute read

At WazirX, our commitment to transparency remains unwavering. We believe in keeping our community well-informed, especially in light of recent events. To this end, we are providing a day-wise report on actions taken after the cyber attack on July 18, 2024. We will update this blog frequently to inform you about our progress and the steps we are taking.

Incident Overview

On July 18, 2024, WazirX experienced a cyber attack targeting one of our multisig wallets, resulting in the theft of digital assets exceeding $230 million. The affected wallet was managed using Liminal’s digital asset custody and wallet infrastructure. As a result of the attack, our ability to maintain 1:1 collaterals with assets has been deeply impacted.

Day-Wise Report

Nov 22, 2024

  • Enhancements made to Rebalancing Calculator: Based on community feedback, we have made some enhancements to the Rebalancing Calculator, such as Currency Preference. To read more, click here

Nov 7, 2024

  • Introducing the Rebalancing Calculator: With the Rebalancing Calculator, you will be able to see how Liquid Assets will be rebalanced to reflect the token denominations in each Creditor’s platform balance. Future updates will demonstrate how Creditors can benefit from potential market price gains on their rebalanced tokens.

    To access the Calculator, click here.

Nov 6, 2024

  • Fourth Townhall: We hosted our Fourth Townhall with the community, where we introduced the new Rebalancing Calculator and discussed other value drivers that are being explored as part of the restructuring efforts. If you missed it, you can watch the recording here.

Oct 29, 2024

  • Introducing the Scheme Timeline Calculator: The Scheme Timeline Calculator is an interactive tool designed to guide you through each step of the restructuring process. It enables users to explore scenario-based timelines and keep track of essential dates. While WazirX is dedicated to progressing as quickly as possible, certain phases depend on Singapore court schedules, particularly during the holiday season. This tool enhances transparency, keeping you well-informed throughout the journey.

    To access the Calculator, click here

Oct 25, 2024

  • Proof of Reserves is now live: In line with our commitment to transparency, you can now verify wallet addresses and review asset balances through our Proof of Reserves by clicking here

    Note: A Proof of Reserves dashboard with dynamically updated data by CoinGabbar (a renowned platform for tracking crypto assets) will be available soon. For more details, click here

Oct 17, 2024

  • Disclosure of 240,000+ wallet addresses: At WazirX, we’ve always believed that transparency is key to building and maintaining trust with our users. Today, we’re taking another step forward in that journey by sharing something important, an affidavit that includes the details of approximately 240,000 wallets with balances. This affidavit will be filed with the High Court of Singapore today as directed and will also be provided to creditors in the ongoing restructuring of Zettai Pte Ltd. For more details, click here.

Oct 4, 2024

  • Third Townhall: We hosted our Third Townhall with the community, discussing the formation of the Committee of Creditors (COC) and its crucial role in the restructuring process. The session concluded with a live Q&A. If you missed it, you can watch the recording here

Oct 2, 2024

  • Formation of Committee of Creditors (COC): We are in the process of forming a Committee of Creditors (COC) to represent creditors’ interests in the proposed restructuring of Zettai Pte Ltd. The COC will play a critical role in providing feedback, monitoring progress, and facilitating communication between creditors and the company. For more details, click here.

Sept 26, 2024

  • WazirX Granted Four-Month Moratorium by Singapore Court: The Singapore court has granted WazirX a four-month moratorium, affirming the company’s compliance with the legal and procedural requirements under Section 64 of the IRDA. This decisive court ruling highlights WazirX’s commitment to act swiftly and responsibly in the interests of all stakeholders.

    This action paves the way for the fastest, creditor-approved, and legally binding resolution to restore crypto balances, ensuring a fair and timely outcome for all stakeholders.

    As part of the court’s conditions, WazirX will make wallet addresses public via a court affidavit, respond to user queries raised in the courtroom, release financial information, and ensure future voting for court applications is scrutinized by independent parties. You can read more about this here

Sept 16, 2024

  • Second Townhall: We hosted our Second Townhall with the community, where we discussed the draft restructuring proposal and explained the worked examples, followed by a live Q&A session. If you missed it, you can watch the recording here

Sept 12, 2024

  • Based on community feedback, we’re enhancing the support options for our Moratorium Application. In addition to “Yes, I support,” users now have the option to select “No” or “No Position.”

Sept 7, 2024

Sept 3, 2024

  • INR Withdrawals Phase 2 Starts Early: All eligible users can now withdraw up to the full 66% limit of their INR balances. Originally scheduled for September 9, we’ve expedited this process to provide quicker access.

Sept 2, 2024

  • First TownHall: We held our first Townhall with the community to discuss the proposed restructuring and Moratorium Application, and to address some of the frequently asked questions. If you missed the Townhall, you can watch it here.

Aug 28, 2024

  • Moratorium Application Filed in Singapore Court: We wish to update all users of the WazirX Platform that we have taken the next step to address users’ crypto balances following the 18 July 2024 cyberattack by filing for a moratorium with the Singapore High Court under the Insolvency, Restructuring and Dissolution Act 2018. This will provide the necessary space to restructure crypto liabilities of the Platform through a Scheme of arrangement. For more details, read here

Aug 26, 2024

  • INR Withdrawals Phase 1: We went live with Phase 1 of INR withdrawals, allowing all eligible users to withdraw up to half of the available 66% limit of their INR balance.

Aug 23, 2024

  • Update on INR Withdrawals and Crypto Next Steps: Over the past few weeks, the WazirX team has been working with partners to address concerns about crypto balances and INR balances. As a result, we are lifting the suspension on INR withdrawals starting 26 August 2024. Withdrawals will be enabled in phases, allowing eligible users to withdraw up to 66% of their INR balances:

    – From 26 August to 8 September 2024, users will be able to withdraw up to half of the present ~66% limit of their INR balances; and
    – From 9 to 22 September 2024, users will be able to withdraw up to the full ~66% limit of their INR balances.

    For more details, read here.

Aug 21, 2024

  • Canceled All Open Orders: We have canceled all Open Orders currently placed on WazirX. Any INR and crypto assets blocked in these Open Orders will be added to the user’s respective balances.

Aug 19, 2024

  • A globally renowned and leading cybersecurity and investigations firm has confirmed that WazirX laptops were not compromised, marking a crucial milestone in our ongoing investigation. We have shared our findings with law enforcement to aid in the recovery of stolen assets. We continue to work closely with global partners to protect our community and strengthen the crypto ecosystem. You can read about it here.

Aug 16, 2024

  • Restoration of Balances Completed: We have completed the restoration of account balances, undoing all trades made after the withdrawal stoppage at 1 PM IST on 18th July 2024.
  • Crypto & INR Balances: We’re working on these two aspects on priority. Both these solutions need legal analysis which is ongoing.

Aug 15, 2024

  • Announced Downtime for Balance Restoration: We announced a downtime from 6 PM on 15th August to 4 AM IST on 16th August to restore account balances and undo trades made after the withdrawal stoppage at 1 PM IST on 18th July 2024.

Aug 14, 2024

  • Migration of Remaining Assets Held with Liminal: We are migrating the remaining assets held with Liminal to new multisig wallets to ensure maximum security following the July 18th cyber attack. The list of new wallets will be published once the migration is complete. The list of affected assets is available on-chain, and you can view all related transactions performed by the attacker after 18th July, 11:45 AM here 👉 https://wrx.gg/raa

Aug 13, 2024

  • Withdrawals: We are working with legal experts to help us formulate an effective method for enabling withdrawals.
  • Bounty Program: We have received entries from 344 bounty hunters, including security professionals and ethical hackers, who are actively pursuing the trail of the stolen funds.
  • Partnership Outreach: We are in touch with multiple partners to explore all possible solutions to mitigate the financial impact of the cyberattack. Currently, we are in discussions with seven partners and making steady progress.

Aug 8, 2024

  • After careful consideration of the situation and feedback from numerous users, we are constrained to restore the balances of all accounts and undo all trades carried out on the WazirX platform following the stoppage of withdrawals on July 18, 2024, at 1 PM IST. You can read more about it here.

Aug 6, 2024

  • An FIR was registered under BNS & IT Act on August 5, 2024, at PS Special Cell, New Delhi, following our complaint about the cyber attack on our multisig wallet.

July 27, 2024

  • Customer Poll: We have launched the way-forward poll. Read more here. We are actively answering queries from our community regarding the poll on asset management preferences. We will continue to share responses as we receive more questions.
  • Investigations: We continue to explore all possible sources of the breach.
  • Continued Coordination: Maintained efforts to connect with exchanges and collaborate closely with Law Enforcement Agencies (LEAs).
  • Bounty Update: Received additional inquiries regarding our bounty program.
  • Partnership Outreach: Engaged with potential partners to find solutions that will benefit our customers.
  • Token Project Outreach: Continued efforts to contact projects associated with the stolen tokens, seeking their support in the recovery process. We are also appealing to these projects to assist us with any available emergency reserves to help mitigate the impact of the cyber attack.
  • Recovery Plans: Evaluating emerging options to aid in the recovery process.

July 26, 2024

  • Customer Poll: We have finalized the implementation of the way-forward poll, which is scheduled to go live tomorrow.
  • Investigations: We continue to explore all possible sources of the breach. For more details, please read our detailed blog here.
  • Platform Reopening: We are actively working towards reopening the WazirX platform.
  • Continued Coordination: Maintained efforts to connect with exchanges and collaborate closely with Law Enforcement Agencies (LEAs).
  • Bounty Update: Received additional inquiries regarding our bounty program.
  • Partnership Outreach: Engaged with potential partners to find solutions that will benefit our customers.
  • Token Project Outreach: Continued efforts to contact projects associated with the stolen tokens, seeking their support in the recovery process. We are also appealing to these projects to assist us with any available emergency reserves to help mitigate the impact of the cyber attack.
  • Recovery Plans: Evaluating emerging options to aid in the recovery process.
  • Community Engagement: Addressed the community with updates and information.

July 25, 2024

  • Customer Poll: We are finalizing the implementation of the way-forward poll, aiming to have it reviewed and go live tomorrow. We are consulting with legal to determine the poll duration and potential reopening date for the platform. Our initial goal is to unlock a portion of each user’s crypto portfolio value in locked tokens while continuing to seek solutions to unlock additional tokens.
  • Investigations: Our ongoing investigation has found no evidence of compromise on our signers’ machines. We continue to explore all possible sources of the breach. For more details, please read our detailed blog here.
  • Continued Coordination: Maintained efforts to connect with exchanges and work closely with Law Enforcement Agencies (LEAs).
  • Bounty Update: Received over 229 inquiries regarding our bounty program.
  • Withdrawals: Actively working on enabling withdrawals for our users.
  • Activities: Exploring various strategies to enable deposits, withdrawals, and trading on the platform.
  • Partnership Outreach: Engaged with potential partners to find solutions that will benefit our customers.
  • Token Project Outreach: Continued efforts to contact projects associated with the stolen tokens, seeking their support in the recovery process. We are also appealing to these projects to help us with any available emergency reserves to help mitigate the impact of the cyber attack. 
  • Recovery Plans: Evaluating emerging options to assist in the recovery process.

July 24, 2024

  • Continued Coordination: Maintained efforts to connect with exchanges and work closely with Law Enforcement Agencies (LEAs).
  • Bounty Update: Received over 195 inquiries regarding our bounty program.
  • Withdrawals: Actively working on enabling withdrawals for our users.
  • Activities: Exploring various strategies to enable deposits, withdrawals, and trading on the platform.
  • Partnership Outreach: Engaged with potential partners to find solutions that will benefit our customers.
  • Token Project Outreach: Continued efforts to contact projects associated with the stolen tokens, seeking their support in the recovery process. We are also appealing to these projects to help us with any available emergency reserves to help mitigate the impact of the cyber attack. 
  • Recovery Plans: Evaluating emerging options to assist in the recovery process.
  • Customer Poll: We will soon run a poll to gather feedback from our customers on the best approach for reopening the platform. Our team is working on the poll setup to ensure everyone has the opportunity to participate.

July 23, 2024

  • Continued Coordination: Continued efforts to reach out to/follow up with exchanges and collaborate with LEAs.
  • Bounty Update: Received over 133 inquiries regarding our bounty program in the last 48 hours.
  • Withdrawals: Actively working on enabling withdrawals for our users.
  • Deposits: Exploring various strategies to enable deposits, withdrawals, and trading on the platform.
  • Partnership Outreach: Engaged with potential partners to find solutions that will benefit our customers.
  • Token Project Outreach: Actively contacting projects associated with the stolen tokens to seek their support in the recovery process.

July 22, 2024

  • Continued Coordination: Continued efforts to reach out to/follow up with exchanges and collaborate with LEAs.
  • Bounty Update: Received over 80 inquiries for our bounty program within 24 hours.
  • Activities: Deposits, withdrawals, and trading remain paused for all users.
  • Withdrawals: Actively working on enabling withdrawals for our users.

July 21, 2024

  • Continued Coordination: Continued efforts to reach out to/follow up with exchanges and collaborate with LEAs.
  • Bounty Announcement: Launched a bounty program to recover the stolen assets. Rewards of up to $10,000 worth of USDT will be given for actionable intelligence that leads to the freezing and recovery of the stolen funds. We are offering 10%, i.e., up to $23 Million, as White Hat Bounty. Read more.
  • Trading Paused: Temporarily paused trading on WazirX as we continue our recovery efforts.
  • User Update: Comprehensive update shared with our users to keep them fully informed about the current status and actions being taken.
  • Recovery: We have recovered small portions of the stolen assets. We cannot disclose specific details at this time.

July 20, 2024

  • Continued Coordination: Continued efforts to reach out to exchanges and collaborate with LEAs.
  • Trading Alert: Advised users to refrain from trading on WazirX during this critical period.

July 19, 2024

  • Global Outreach: Started reaching out to over 500 exchanges to block the identified wallet addresses.
  • Law Enforcement Collaboration: Engaged with Law Enforcement Agencies (LEAs) and forensic experts.
  • Service Suspension: Temporarily paused deposits and withdrawals for all users to prevent further loss.
  • Community Awareness: Updated the community on our progress with LEAs and issued warnings about potential scams impersonating WazirX.

July 18, 2024

  • User Notification: Immediately informed our users about the cyber attack and its potential impact. 
  • Official Complaints: Filed an online complaint with the National Cyber Crime Reporting Portal and are processing a physical complaint.
  • Notified Authorities: Informed the Financial Intelligence Unit (FIU) and Computer Emergency Response Team (CERT-In).
  • Investigation Initiated: Began tracking the chain of transfers and initiated further investigations.
  • Exchange Coordination: Contacted multiple exchanges to block and recover the stolen assets based on available intelligence.
  • Community Updates: Shared preliminary findings and updates with our community. Read here.

Fact Checks

  • The impact of the over $230M cyber attack is on the digital assets of our customers.
  • INR funds are unaffected in this attack.
  • The WazirX platform was NOT breached.
  • The breach happened on July 18, and there was no breach of the WazirX multi-sig wallet before that.
  • Our hot wallets don’t hold more than a few percent of funds at any given time.
  • The cyber attack was on our multi-sig wallet hosted outside the WazirX product infrastructure, which we were accessing through a third-party custody provider, Liminal.
  • This incident has affected the Ethereum multisig wallet, which consists of ETH and ERC20 tokens. Other blockchain funds are unaffected. 
  • The smart contract was created using Gnosis Safe. We started using Liminal in February 2023, and that’s when Liminal’s key was also added to the smart contract.
  • The wallet had six signatories—five from our WazirX team and one from Liminal, who were responsible for transaction verifications. A transaction typically requires approval from three of the WazirX signatories (all three of whom use Ledger Hardware Wallets for security), followed by the final approval from Liminal’s signatory. A policy to whitelist destination addresses was also in place to enhance security. These whitelisted addresses were earmarked and facilitated on the interface by Liminal; consequently, the WazirX team had the ability to initiate transactions to the said whitelisted addresses. 
  • Three signatures of WazirX from three different devices, each using different hardware wallets, were used. All three devices were at different locations, and the links were bookmarked. They sign looking at what information is shown on their Liminal website interface. They cannot see details on the hardware wallet since ERC20 is blind signing, so they can only trust the web interface of the custody wallet service provider.
  • We’re certain that the hardware keys of any of the 3 WazirX wallets were NOT compromised. For the 3 WazirX devices used for signing, our preliminary analysis has not found any signs of compromise. But we’re not experts at forensics, so an external forensic team will be engaged to conduct a thorough audit. This will confirm whether any or all of the 3 WazirX devices were compromised. This will give us better insight into whether the 3 signatures on the malicious payload were a result of a compromise or not.
  • Liminal is conducting a detailed analysis of how the malicious payload was signed on their end. They’re working on finding the root cause, and we await their final report. This will give us a better insight into how the fourth signer ended up signing the malicious payload.
  • This attack is only possible if there are 4 points of failure in the signing process.
  • This cyber attack was not due to a Phishing link.
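
The blind-signing and whitelist points above describe signers who can only trust what the web interface shows. As an added example (not part of the WazirX post and not WazirX or Liminal code), the sketch below shows an independent pre-signing check that decodes the raw ERC-20 calldata and compares it with the displayed details and a locally held whitelist. It assumes the signer can obtain the request's raw `to`, `value` and calldata outside the interface; all addresses are constructed placeholders and the function names are hypothetical.

```python
# Added example: check a blind-signed ERC-20 request against local policy.
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # transfer(address,uint256)

# Constructed placeholder addresses, not taken from the incident.
TOKEN = "0x" + "aa" * 20
ALLOWED_DEST = "0x" + "11" * 20
OTHER_DEST = "0x" + "22" * 20
KNOWN_TOKENS = {TOKEN}
ALLOWLIST = {ALLOWED_DEST}


def encode_call(selector_hex, address, amount):
    """Build constructed sample calldata: selector + two 32-byte words."""
    return "0x" + selector_hex + address[2:].rjust(64, "0") + format(amount, "064x")


def decode_transfer(calldata_hex):
    """Return (recipient, amount) for a well-formed transfer(), else raise ValueError."""
    raw = bytes.fromhex(calldata_hex.removeprefix("0x"))
    if len(raw) < 4 or raw[:4] != TRANSFER_SELECTOR:
        raise ValueError("not an ERC-20 transfer, selector 0x" + raw[:4].hex())
    if len(raw) != 4 + 32 + 32:
        raise ValueError("unexpected calldata length %d" % len(raw))
    addr_word, amount_word = raw[4:36], raw[36:68]
    if any(addr_word[:12]):
        raise ValueError("non-zero padding in address word")
    return "0x" + addr_word[12:].hex(), int.from_bytes(amount_word, "big")


def review_request(to, value, calldata_hex, shown_recipient, shown_amount):
    """Return reasons to refuse signing; an empty list means payload, display and policy agree."""
    problems = []
    if to.lower() not in KNOWN_TOKENS:
        problems.append("target contract is not a known token")
    if value != 0:
        problems.append("ETH value attached to a token transfer")
    try:
        recipient, amount = decode_transfer(calldata_hex)
    except ValueError as exc:
        return problems + [str(exc)]
    if recipient not in ALLOWLIST:
        problems.append("recipient %s is not whitelisted" % recipient)
    if recipient != shown_recipient.lower():
        problems.append("recipient differs from the one shown in the interface")
    if amount != shown_amount:
        problems.append("amount differs from the one shown in the interface")
    return problems


if __name__ == "__main__":
    matching = encode_call("a9059cbb", ALLOWED_DEST, 1000)
    swapped = encode_call("a9059cbb", OTHER_DEST, 1000)
    approve = encode_call("095ea7b3", OTHER_DEST, 1000)  # approve(address,uint256)
    for label, data in [("matching", matching), ("swapped", swapped), ("approve", approve)]:
        print(label, review_request(TOKEN, 0, data, ALLOWED_DEST, 1000))
```

The check only helps if the whitelist and the decoder run on a machine that does not depend on the same interface that displays the request.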

We will update this blog frequently with the latest information and developments. Your trust and security are our top priorities, and we are working diligently to resolve this situation.

Thank you for your continued support and understanding.

Disclaimer: Cryptocurrency is not a legal tender and is currently unregulated. Kindly ensure that you undertake sufficient risk assessment when trading cryptocurrencies as they are often subject to high price volatility. The information provided in this section doesn't represent any investment advice or WazirX's official position. WazirX reserves the right in its sole discretion to amend or change this blog post at any time and for any reasons without prior notice.