WazirX Plans to Spread $230 Million Loss Among Users

WazirX, a leading Indian cryptocurrency exchange, recently shared a controversial plan to distribute a $230 million loss among its users following a major security breach.

The Mumbai-based company halted trading last week. A cyber attack compromised nearly half of its reserves, marking India’s largest crypto heist to date.

WazirX Plans to Share $230 Million Breach Loss with Users

On July 18 blockchain security firm Cyvers detected suspicious activity originating from WazirX’s Safe Multisig wallet on the Ethereum network. Cyvers raised concerns that a malicious entity might have compromised the wallet.

Following the breach, the suspicious address engaged in several cryptocurrency swaps. In response, WazirX suspended its platform operations, filed a police report, and notified the Financial Intelligence Unit (FIU) and CERT-In.

To address the fallout, WazirX plans to resume its work within a week, implementing a “fair and transparent socialized loss strategy.” This approach will involve rebalancing customer portfolios. The exchange will return only 55% of their holdings and lock the remaining 45% in USDT-equivalent tokens. Notably, this affects even those users whose assets were not directly stolen.

Read more: 15 Most Common Crypto Scams to Look Out For

WazirX offers two recovery options. Option A allows users to trade and hold assets, prioritizing them in recovery efforts but restricting withdrawals. Option B permits trading and withdrawals but places users at a lower priority for recovery. Users can switch between these options before making any trades or withdrawals.

The exchange founder Nishal Shetty addressed the community, stating the firm did not insure customer funds as viable options were unavailable. He warned that recovery could take years and might not fully restore losses.

Critics, including Nikhil Pahwa, a policy expert, argue that WazirX’s actions exceed typical exchange responsibilities, essentially redistributing assets among users. Customers have also questioned why the company isn’t using its profit reserves to mitigate losses.

“WazirX is actually exercising control over crypto assets that it holds for users. This means that it is not just acting as an interchange & a depositary, but actually reaching into user wallets and taking out crypto and giving it to others. It can’t claim to be an exchange only,” Pahwa said.

Read more: Crypto Project Security: A Guide to Early Threat Detection

As BeInCrypto reported earlier, three days after the incident, WazirX launched a bounty program. The program offers $23 million to the hacker for returning the stolen funds. Additionally, the exchange is offering up to $10,000 in USDT to anyone who can provide actionable intelligence leading to the freezing of the stolen assets.

Initially, WazirX had offered a 5% reward, amounting to $11.5 million. However, on-chain investigator ZachXBT suggested increasing the bounty due to the potential involvement of North Korea’s Lazarus group.

“[A] $10 million bounty means nothing if it is indeed Lazarus Group as they are not going to just hand over the funds or be located and held legally accountable. 5% is lower than 10%+ industry standard,” he stated.