WazirX Hack Fallout: Lessons for Building Resilient Crypto Systems


On July 18, 2024, the Indian cryptocurrency exchange WazirX suffered a devastating security breach that resulted in the theft of approximately USD 230 million worth of digital assets. This incident has sent shockwaves through the crypto community and raised significant concerns about the security measures employed by exchanges. The hack has not only impacted WazirX and its users but has also prompted a broader examination of cybersecurity practices in the cryptocurrency industry. This article delves into the details of the hack, its impact on the crypto markets, and the lessons it holds for anti-scam and anti-fraud experts.

WazirX Hack: What Happened?

WazirX, India's largest cryptocurrency exchange with over 16 million users, reported that one of its multisig wallets had been compromised. A multisig wallet requires multiple signatures to authorise a transaction, a security measure intended to prevent unauthorised access. Despite these precautions, the attacker managed to drain significant amounts of various cryptocurrencies, including USD 102.1 million in Shiba Inu (SHIB) tokens, USD 52.6 million in Ether (ETH), USD 11 million in Matic (MATIC), and USD 7.6 million in Pepe (PEPE).


The breach occurred due to a discrepancy between the data displayed on Liminal Custody's digital interface and the actual transaction contents. This discrepancy allowed the attackers to manipulate the system in the following ways:

  1. Data Mismatch: The information shown on Liminal Custody's interface did not accurately reflect the actual transactions taking place. This means that the displayed transaction details, such as amounts, recipient addresses, or authorization statuses, were different from what was being executed on the blockchain.

  2. False Information: By exploiting this discrepancy, attackers could present false information to users and administrators. For example, a transaction might appear to be a legitimate transfer of funds between authorised accounts, while in reality, it was directing funds to an attacker-controlled address.

  3. Payload Manipulation: The attackers likely manipulated the payload, which is the data that gets signed in a transaction. This manipulation could involve altering critical transaction details after the initial user review but before the final execution. Since multisig wallets require multiple approvals, the attackers might have shown a benign transaction for approval but altered it to a malicious one at the execution stage.
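
A defensive check that follows from the three points above, shown as an added example (not code from WazirX, Liminal Custody or the original article): before approving, each signer decodes the raw payload independently and compares it with what the interface displayed. It assumes the payload is a plain ERC-20 transfer(address,uint256) call; the DisplayedIntent record, the allowlist and all addresses are constructed for illustration.

```python
"""Added example: refuse to sign when the raw payload differs from what was displayed."""
from dataclasses import dataclass

TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # ERC-20 transfer(address,uint256)
# Constructed sample addresses (not real wallets).
TOKEN, HOT_WALLET, OTHER = "0x" + "aa" * 20, "0x" + "11" * 20, "0x" + "ee" * 20

@dataclass(frozen=True)
class DisplayedIntent:  # hypothetical record of what the approval screen showed
    token_contract: str
    recipient: str
    amount: int  # in the token's smallest unit

def norm(addr):
    """Lower-case an address and drop the 0x prefix so comparisons are exact."""
    return addr.lower().replace("0x", "", 1)

def build_transfer(recipient, amount):
    """Build transfer() calldata; used here only to construct sample payloads."""
    return TRANSFER_SELECTOR + bytes(12) + bytes.fromhex(norm(recipient)) + amount.to_bytes(32, "big")

def decode_erc20_transfer(calldata):
    """Return (recipient_hex, amount); raise ValueError for any other payload."""
    if len(calldata) != 68:  # 4-byte selector + two 32-byte words
        raise ValueError("unexpected calldata length")
    if calldata[:4] != TRANSFER_SELECTOR:
        raise ValueError("unexpected function selector " + calldata[:4].hex())
    if any(calldata[4:16]):  # an address word must be left-padded with zeros
        raise ValueError("non-zero padding in address word")
    return calldata[16:36].hex(), int.from_bytes(calldata[36:68], "big")

def check_before_signing(shown, tx_to, calldata, allowlist):
    """Return the reasons to refuse; an empty list means payload and display agree."""
    problems = []
    if norm(tx_to) != norm(shown.token_contract):
        problems.append("transaction target differs from displayed contract")
    try:
        recipient, amount = decode_erc20_transfer(calldata)
    except ValueError as exc:
        return problems + ["payload is not a plain token transfer: " + str(exc)]
    if recipient != norm(shown.recipient):
        problems.append("recipient in payload differs from displayed recipient")
    if amount != shown.amount:
        problems.append("amount in payload differs from displayed amount")
    if recipient not in {norm(a) for a in allowlist}:
        problems.append("recipient is not on the withdrawal allowlist")
    return problems
```

The check is only useful if it runs on a device and code path separate from the interface that rendered the approval screen, so that a single compromised component cannot alter both the display and the comparison.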

Liminal Custody, responsible for the wallet's security, denied any breach of its infrastructure, stating that the malicious payloads were injected through three compromised devices at WazirX’s end.

Speculation of North Korean Involvement

Adding to the complexity of the situation, there has been speculation that the hack might have been orchestrated by North Korean hackers. Crypto researcher ZachXBT on X suggested that the techniques used in the WazirX hack bear similarities to those employed by the infamous Lazarus Group, a North Korean state-sponsored hacking organisation known for targeting cryptocurrency exchanges. If confirmed, this would mark another significant cyber-heist attributed to North Korea, which has reportedly used such attacks to circumvent international sanctions and fund its activities.

Impact on Crypto Markets

The immediate aftermath of the hack saw significant disruptions in the crypto markets. The stolen funds represented more than 45% of WazirX's total reserves, leading to a liquidity crisis. As a result, most cryptocurrencies, including market leaders Bitcoin (BTC) and Tether (USDT), traded at substantial discounts on WazirX compared to other exchanges. For instance, the BTC/INR pair on WazirX was priced at INR 5.1 million (USD 60,945), while it traded at INR 5.7 million on CoinDCX.

The exchange's native token, WRX, suffered a steep decline, trading 15% lower in USD terms and over 25% lower in INR terms. SHIB also saw a significant drop in value as the attacker liquidated the stolen tokens, putting downward pressure on its market price. This panic selling and rush for fiat/cash exposed the vulnerability of centralised exchanges to such attacks and demonstrated the cascading effects on market stability.

Lessons for Cybersecurity

The WazirX hack underscores the critical importance of robust cybersecurity measures in the cryptocurrency industry.


Here are key takeaways for cybersecurity professionals, anti-scam investigators, and fraud prevention experts:

  1. Multi-layered Security: While multisig wallets are a robust security measure, they are not infallible. This incident underscores the need for multi-layered security approaches, including stringent verification processes and real-time monitoring of transactions.

  2. Phishing and Social Engineering: The use of deceptive phishing smart contracts to manipulate the multisig process underscores the ongoing threat of social engineering attacks. Education and awareness programs for employees and users are crucial to mitigate these risks.

  3. Incident Response Plans: The slow response and lack of immediate transparency from WazirX exacerbated the situation. Exchanges must have well-defined incident response plans, including clear communication strategies to maintain user trust and minimise panic.

  4. Collaboration with Authorities: WazirX's engagement with the Indian Computer Emergency Response Team (CERT-In) and other government agencies is a positive step. Collaboration with regulatory and law enforcement agencies is essential for effective incident resolution and recovery.

Trends and Future Directions

The WazirX hack is part of a broader trend of increasing sophistication in cyberattacks targeting the cryptocurrency sector. According to a Chainalysis report, attackers stole USD 1.7 billion from crypto platforms in 2023, with a significant increase in the number of attacks year-on-year. As crypto prices rise, so does the incentive for hackers, necessitating continuous innovation in security practices.

Emerging Trends in Cybersecurity and Crypto

  1. Increased Regulation: The Indian government and other regulatory bodies worldwide are likely to impose stricter regulations on cryptocurrency exchanges. These regulations will focus on security standards, risk management, and consumer protection to safeguard user funds.

  2. Adoption of Decentralised Exchanges (DEXs): The vulnerabilities of centralised exchanges may drive users towards decentralised exchanges, which offer greater security through decentralised protocols. However, DEXs are not immune to hacks and require their own set of security measures.

  3. Enhanced Security Protocols: The industry is expected to see the adoption of advanced security technologies, such as multi-factor authentication, biometric verification, and AI-based threat detection. Continuous investment in security infrastructure will be crucial to staying ahead of evolving threats.

  4. Collaborative Defence Initiatives: The establishment of industry-wide collaborative defence initiatives, such as information-sharing networks and joint cybersecurity task forces, can enhance the collective ability to detect and respond to threats.

Conclusion

The WazirX hack serves as a stark reminder of the challenges and risks inherent in the cryptocurrency industry. For security professionals and industry stakeholders, it highlights the need for robust, multi-layered security measures and proactive incident response strategies. As the industry continues to evolve, collaboration between exchanges, regulatory bodies, and cybersecurity experts will be key to building a safer and more resilient ecosystem. The lessons learned from this incident must drive ongoing efforts to protect digital assets and maintain user trust in the rapidly growing world of cryptocurrency.

About the Author

James Greening, operating under a pseudonym, brings a wealth of experience to his role. Formerly the sole driving force behind Fake Website Buster, James leverages his expertise to raise awareness about online scams. He currently serves as a Content Marketing & Design Specialist for the Global Anti-Scam Alliance (GASA), and contributes to ScamAdviser.com.

James’s mission aligns with GASA’s mission to protect consumers worldwide from scams. He is committed to empowering professionals with the insights and tools necessary to detect and mitigate online scams, ensuring the security and integrity of their operations and digital ecosystems.


Aug 6, 2024
Written by
Jorij Abraham
Managing Director