WazirX Hack Full Story In Public Domain: Unveiling the Events Leading to a Possible Insider Job


A crypto X account set up to represent WazirX customers in the aftermath of the WazirX hack has shared what it describes as the full story behind the incident, based on insider reports and information.

Events Before the Hack

On July 11, 2024, the hacker, using a fake KYC account created in West Bengal, deposited ₹1 crore worth of cryptocurrency into WazirX. Over the next few days, the hacker strategically bought GALA tokens with the intent to drain WazirX’s hot wallet. On July 18, they started withdrawing GALA tokens, effectively emptying the hot wallet.

In response, WazirX began transferring funds from its cold wallet to the hot wallet to fulfil customer withdrawal requests. Unbeknownst to them, 45% of users’ funds were concentrated in a vulnerable cold wallet, making them an easy target for the hacker.

The hacker exploited a loophole in the approval process: only three signatures from WazirX signatories and one from WazirX’s digital custody provider, Liminal, were required to execute the attack. Between 9:30 AM and 11:00 AM on July 18, several signatories, including Sumit Patel, Rohit Patel, and Tushar Patel, attempted to process transactions. However, many of their attempts failed due to a malicious payload injected by the hacker.

Despite the failures, some transactions, including those for USDT and GALA, were eventually signed by multiple signatories. This allowed the hacker to upgrade WazirX’s cold wallet contract, facilitating the transfer of funds into their control. By the time the issue was discovered, the hacker had full access to the cold wallet and successfully drained funds.
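The approval flow described above, as an added defender-side example that is not code from the article, WazirX or Liminal: a pre-execution review that models the 3-signatory-plus-1-custodian quorum, decodes what the signed calldata would actually do, and refuses a proposal whose payload (a proxy contract upgrade) does not match the transfer the signers were shown, or which has accumulated repeated failed signing attempts. The selectors are the well-known 4-byte identifiers for `transfer(address,uint256)` and `upgradeTo(address)`; the failure threshold and the sample proposals are constructed for illustration.

```python
from dataclasses import dataclass, field

# 4-byte function selectors (first 4 bytes of keccak256 of the signature).
SELECTOR_TRANSFER = "a9059cbb"    # ERC-20 transfer(address,uint256)
SELECTOR_UPGRADE_TO = "3659cfe6"  # upgradeTo(address): proxy implementation swap

# Quorum as described in the article: 3 exchange signatories + 1 custodian.
EXCHANGE_QUORUM = 3
CUSTODIAN_QUORUM = 1
MAX_FAILED_ATTEMPTS = 2  # assumed policy: repeated failures halt signing

@dataclass
class Proposal:
    shown_intent: str                # what the signing UI displayed to signers
    calldata: str                    # hex payload the wallet would actually execute
    exchange_sigs: set = field(default_factory=set)
    custodian_sigs: set = field(default_factory=set)
    failed_attempts: int = 0         # earlier signing attempts that errored out

def decode_intent(calldata: str) -> str:
    """Map the leading selector of the calldata to a human-readable action."""
    sel = calldata.lower().removeprefix("0x")[:8]
    return {SELECTOR_TRANSFER: "transfer", SELECTOR_UPGRADE_TO: "upgrade"}.get(sel, "unknown")

def review(p: Proposal) -> list[str]:
    """Return findings that should block execution; an empty list means approve."""
    findings = []
    actual = decode_intent(p.calldata)
    if actual != p.shown_intent:
        findings.append(f"payload mismatch: UI showed '{p.shown_intent}', calldata executes '{actual}'")
    if actual == "upgrade":
        findings.append("contract upgrade is never a routine withdrawal; needs separate approval")
    if len(p.exchange_sigs) < EXCHANGE_QUORUM or len(p.custodian_sigs) < CUSTODIAN_QUORUM:
        findings.append("quorum not met")
    if p.failed_attempts > MAX_FAILED_ATTEMPTS:
        findings.append("too many failed signing attempts; halt and investigate")
    return findings

# Constructed sample proposals (signer ids, addresses and amounts are placeholders).
LEGIT = Proposal("transfer", "0x" + SELECTOR_TRANSFER + "00" * 64, {"s1", "s2", "s3"}, {"c1"})
TAMPERED = Proposal("transfer", "0x" + SELECTOR_UPGRADE_TO + "00" * 32,
                    {"s1", "s2", "s3"}, {"c1"}, failed_attempts=4)

if __name__ == "__main__":
    for name, p in [("legit", LEGIT), ("tampered", TAMPERED)]:
        print(name, review(p) or ["approve"])
```

The point of the mismatch check is that a full quorum of valid signatures proves nothing about what was signed; the decoded intent has to be verified independently of the UI that presented it.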

Security Investigations Raise Questions

In the aftermath, WazirX engaged Google’s Mandiant to conduct a security audit, which found that the laptops of WazirX’s key signatories had not been compromised. Similarly, Liminal brought in Grant Thornton for an audit, and the results showed no signs of breaches in their front-end or back-end systems.

These findings have led to a critical question: If both WazirX and Liminal’s systems were secure, how did the hacker gain access to the required signatures and bypass security protocols? The only plausible explanation is the involvement of an insider. The ability to create a fake KYC, strategically target a specific token, and navigate both WazirX and Liminal’s security measures suggests deep inside knowledge of their systems.

Insider Involvement: The Only Logical Explanation?

The hack’s complexity and the timing of multiple failed transactions before the successful ones indicate that the hacker had advanced knowledge of WazirX’s internal workings. This includes access to transaction data, signatures, and the structure of their cold wallets. The fact that the hack was carried out smoothly despite the robust security infrastructure in place adds weight to the theory of insider involvement.

Moreover, WazirX allowed 45% of user funds to be stored in a single cold wallet, raising concerns about poor fund management and internal negligence. The repeated signing of transactions by the WazirX team, despite knowing there were errors, points to either gross incompetence or intentional sabotage.
