WazirX Files Police Report After $235 Million Hack as Indian Exchange Security Faces Scrutiny

Indian cryptocurrency exchange WazirX filed a formal First Information Report with Delhi Police’s Special Cell on August 5, 2024, formally escalating its response to the devastating $234.9 million cyberattack that struck the platform on July 18. The filing, publicly announced on August 6, marks a significant development in one of the largest crypto exchange hacks of 2024 — and raises urgent questions about the security practices of centralized trading platforms serving millions of users.

The Threat Landscape

The WazirX attack represents a sophisticated assault on the exchange’s multi-signature wallet infrastructure. On-chain security firm Cyvers Alerts was the first to detect the breach, identifying multiple suspicious transactions originating from WazirX’s Safe Multisig wallet on the Ethereum network. The attackers exploited a 4-of-6 signature scheme — a configuration that, while intended to provide distributed security, proved insufficient against the attack vector employed.

The stolen funds were systematically moved through Tornado Cash, a cryptocurrency mixing service, before being converted from various tokens including Pepe (PEPE), Gala (GALA), and Tether (USDT) into Ether (ETH). Blockchain analytics firm Elliptic attributed the attack to North Korean hacking groups, linking it to a broader pattern of state-sponsored cryptocurrency theft that has become a persistent threat to the global digital asset ecosystem.

The timing of this attack is particularly notable given the broader market conditions. On August 6, 2024, Bitcoin trades at approximately $56,034 — down over 15% on the week — while Ethereum sits at $2,458, having lost 25% over the same period. The combination of a major exchange hack and a sharp market downturn creates a compounding effect on user confidence.

Core Principles

The WazirX incident underscores several core security principles that every crypto user and exchange operator must internalize. Multi-signature wallets, while superior to single-key setups, are not infallible. A 4-of-6 scheme means that compromising four signers — through social engineering, malware, or insider threats — is sufficient to drain the entire wallet.

Key security principles include:

• Defense in depth: No single security measure should be relied upon exclusively. Multi-signature wallets should be complemented by hardware security modules, time locks, withdrawal limits, and real-time monitoring
• Access control segmentation: Signing keys should be distributed across different geographic locations, hardware platforms, and personnel. No single point of failure should be able to compromise the required threshold
• Transaction monitoring: Real-time anomaly detection systems should flag unusual withdrawal patterns, large transfers, and interactions with known mixer services like Tornado Cash
• Incident response planning: Exchanges must have pre-planned response procedures that can be activated within minutes of detecting suspicious activity

Tooling and Setup

For exchanges and large-scale operators, several security tools and configurations are essential:

Hardware Security Modules (HSMs): These dedicated cryptographic processors provide tamper-resistant key storage and are the gold standard for managing signing keys at scale. HSMs should be configured in a distributed manner, with no single device holding sufficient keys to authorize a withdrawal independently.

On-chain monitoring services: Platforms like Cyvers Alerts, Elliptic, and Chainalysis provide real-time threat intelligence that can detect suspicious transactions as they occur. Integrating these services with automated alert systems and circuit breakers can limit the damage from an active attack.

Withdrawal controls: Implementing daily withdrawal limits, time-locked withdrawals for amounts exceeding certain thresholds, and mandatory cooling-off periods for large transfers can provide critical response time when an attack is detected.

Smart contract auditing: The Safe Multisig wallet used by WazirX is itself a smart contract. Regular security audits of wallet contracts and their configuration parameters can identify vulnerabilities before they are exploited.

Ongoing Vigilance

The WazirX hack is not an isolated incident. It is part of a continuing trend of increasingly sophisticated attacks targeting cryptocurrency exchanges. In 2024 alone, over $2.2 billion has been stolen from crypto platforms, with private key compromises accounting for nearly 44% of losses.

For individual users, the lessons are clear. Storing funds on centralized exchanges inherently involves counterparty risk. While exchanges offer convenience and liquidity, they also present attractive targets for attackers. Users should:

• Withdraw funds to personal hardware wallets when not actively trading
• Use exchanges with publicly documented security practices and regular proof-of-reserves
• Enable all available security features including two-factor authentication, withdrawal whitelist addresses, and anti-phishing codes
• Monitor their accounts for unauthorized access attempts and report suspicious activity immediately

Final Takeaway

The WazirX FIR filing represents a necessary step toward accountability and potential fund recovery, but it also highlights the limitations of relying on law enforcement in a borderless, pseudonymous financial system. The $234.9 million stolen from WazirX users may take years to recover — if it is recovered at all.

As the cryptocurrency industry matures, the gap between the security practices of top-tier institutions and smaller regional exchanges remains a significant concern. Every user must take personal responsibility for the security of their digital assets, treating centralized exchanges as transactional platforms rather than long-term storage solutions.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research and consider your risk tolerance before engaging with any cryptocurrency platform.