Indian cryptocurrency exchange WazirX canceled all open orders and returned the corresponding INR and crypto assets to users’ balances.
According to a statement released on X, the move is part of the exchange’s ongoing efforts to address issues related to INR and crypto balances after a massive cyberattack last month.
WazirX halted trading on its platform following a $230 million exploit on July 18, which led to widespread disruption. In the aftermath, the exchange proposed a recovery program, dubbed a “socialized loss strategy,” which was met with criticism from the crypto community.
Speculation at the time suggested that North Korea’s notorious Lazarus Group was responsible for the exploit. Recovery of assets following such attacks is rare, further complicating the situation for the beleaguered exchange.
Earlier in August, WazirX said it plans to reverse all trades that occurred after the withdrawal freeze it implemented on July 18 in response to the attack. The exchange stated that the decision was made to “protect the integrity of our platform and facilitate an equitable outcome for users” affected by the incident.
– Advertisement –
Interestingly, Google’s cybersecurity subsidiary Mandiant reportedly confirmed that WazirX’s laptops were not compromised during the cyberattack, providing some reassurance about the integrity of the exchange’s internal systems.
The hack resulted from discrepancies between data displayed on the digital custody platform Liminal and the actual transaction contents on WazirX. The attacker reportedly stole at least $100 million in Shiba Inu and $52 million in Ether, accounting for 45% of WazirX’s reserves.
WazirX co-founder Nischal Shetty proposed two paths forward for the exchange following the breach. accessing 55% of their funds without the ability to withdraw but with priority for any potential recovery funds, or accessing 55% of their funds with the ability to withdraw but with secondary priority. The remaining 45% would be converted to USDT and locked.
The proposal met with backlash, prompting both WazirX and Shetty to clarify in subsequent posts that the poll was not legally binding and was intended to gauge user opinions on the best way forward.
Shetty reiterated that the poll was not binding but defended the option of socializing the losses. He argued that this approach would allow the exchange to re-open and continue operations while exploring other options for recovering the lost tokens and reimbursing affected users.
However, many criticized this approach, arguing that it unfairly penalizes users for the breach. CoinDCX co-founder Sumit Gupta stated that the company should first absorb the losses before passing them on to customers. “Making customers directly absorb the 45% losses is utter nonsense. The poll options are also framed in a manner to protect the business first and not the customers,” Gupta added.
The breach targeted WazirX’s multisig wallet on the Ethereum network. Over 200 different crypto assets were stolen, including Shiba Inu, Ethereum, Polygon, and PePe memecoin. In response, WazirX has paused all withdrawals, acknowledging the security breach and describing it as a “force majeure event” beyond its control.