$235 Million Crypto Heist: Telegram Account Crashes WazirX Exchange
Indian police have arrested a resident of Bengal suspected of orchestrating a hacker attack on the cryptocurrency exchange WazirX. As a result of the breach, crypto assets worth $235 million were stolen from the exchange’s multi-signature wallets.
According to the indictment provided to Cointelegraph, the leak was not due to vulnerabilities within the WazirX system. Instead, hackers gained access to the exchange using a fake account that was sold via Telegram and later used by a third party.
During the investigation, WazirX cooperated with authorities by providing all necessary equipment, customer data, and transaction logs. The Indian Cybercrime Center (IFSO) confirmed that the exchange’s systems were not compromised, indicating a high level of security.
It was revealed that the hackers accessed the crypto wallets through deception and withdrew significant funds. Investigators believe the arrested individual was part of a group that used fake accounts to access the platform. He also admitted to receiving a large reward for selling the WazirX account through Telegram.
The investigation faced challenges, as third-party companies managing the exchange’s digital assets did not immediately provide the required data, slowing down the process.
Conflict with Liminal Custody
Meanwhile, WazirX entered into a dispute with its digital asset custody partner, Liminal Custody. On October 22, Liminal released a statement accusing WazirX of spreading false information. According to Liminal, WazirX blamed the company for the leak, even though the exchange continued to store assets on the platform for 75 days after the breach.
WazirX representatives, in turn, stated that they had already begun transferring the remaining assets to new, more secure wallets. Independent audits confirmed that the exchange’s systems remained intact, despite the difficulties encountered during the investigation.
Aftermath and Community Reaction
After hackers stole nearly half of the exchange’s reserves in what became the largest crypto theft in India, WazirX suspended all trading operations. The company later introduced a week-long recovery plan, aiming to implement a “fair and transparent social distribution strategy” to evenly spread losses among all users. This decision sparked outrage within the local crypto community.
The cyberattack on WazirX resulted in the theft of more than 200 different cryptocurrencies. The attack targeted one of the company’s multi-signature wallets, a type of wallet that requires several keys to authorize transactions. The compromised wallet had six signers: five from WazirX and one from Liminal. Most transactions on the platform require approval from three WazirX signers and one Liminal signer. The attackers managed to bypass the security system by exploiting a mismatch between what Liminal’s interface displayed and the actual transaction data being signed.
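A signer-side check for the failure described above, as an added example that is not code from WazirX, Liminal or the article: each signer decodes the bytes actually submitted for signing, compares them with what the interface shows, and approvals count only for that exact digest. The JSON transaction format, field names, signer ids and addresses are constructed for illustration, and signatures are modelled as records of the digest each signer approved.

```python
import hashlib
import json

# Quorum stated in the article: three WazirX signers plus one Liminal signer.
POLICY = {"wazirx": 3, "liminal": 1}

def digest(tx):
    """SHA-256 over a canonical JSON encoding (constructed format, not a real chain's)."""
    blob = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def signer_check(displayed, raw_payload):
    """Decode the bytes that will actually be signed and compare them field by
    field with what the interface shows. Returns the digest to sign, or raises."""
    actual = json.loads(raw_payload)
    diffs = sorted(k for k in set(displayed) | set(actual)
                   if displayed.get(k) != actual.get(k))
    if diffs:
        raise ValueError("display/payload mismatch in fields: " + ", ".join(diffs))
    return digest(actual)

def quorum_met(approvals, payload_digest):
    """approvals: (signer_id, group, digest_approved) records. Only distinct
    signers who approved this exact digest count toward the policy."""
    seen, counts = set(), dict.fromkeys(POLICY, 0)
    for signer, group, approved in approvals:
        if approved == payload_digest and signer not in seen and group in counts:
            seen.add(signer)
            counts[group] += 1
    return all(counts[g] >= need for g, need in POLICY.items())

# Constructed sample data: what the interface shows vs. the bytes sent for signing.
SHOWN = {"to": "addr-known-hot-wallet", "asset": "TOKEN", "amount": "10"}
GOOD_RAW = json.dumps(SHOWN).encode()
BAD_RAW = json.dumps({**SHOWN, "to": "addr-unknown"}).encode()

def demo():
    ok = signer_check(SHOWN, GOOD_RAW)
    approvals = [("w1", "wazirx", ok), ("w2", "wazirx", ok),
                 ("w3", "wazirx", ok), ("l1", "liminal", ok)]
    try:
        signer_check(SHOWN, BAD_RAW)
        mismatch_caught = False
    except ValueError:
        mismatch_caught = True
    # Approvals given for the displayed transaction do not authorize other bytes.
    bad_digest = digest(json.loads(BAD_RAW))
    return quorum_met(approvals, ok), mismatch_caught, quorum_met(approvals, bad_digest)
```

The comparison only helps if it runs on a device or code path independent of the interface that renders the transaction, so that a tampered display cannot also tamper with the check.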