Last updated:
Indian cryptocurrency exchange Wazirx announced on August 23 that INR withdrawals will resume in phases starting on August 26, following a major cyberattack on July 18.
The attack resulted in over $230 million theft, severely disrupting the exchange’s operations and suspending cryptocurrency and INR withdrawals.
The attack suspended withdrawals and trading as the team worked to mitigate the impact and develop a resolution.
Wazirx Resumes INR Withdrawals After Cyberattack
Wazirx has decided to implement a Singapore Scheme of Arrangement in response to the cyberattack. This legal process ensures a fair and user-approved distribution of the remaining cryptocurrency assets.
The exchange highlighted the importance of this approach, citing the need for legal compliance and user involvement in the distribution process.
Wazirx clarified that the loss of a substantial balance of ERC-20 tokens has left the exchange unable to fully meet its cryptocurrency liabilities.
To ensure fairness, WazirX plans to pursue a Singapore Scheme of Arrangement.
This legal process will allow for an equitable distribution of cryptocurrency assets, with users voting on and approving the restructuring proposal.
The platform emphasized that user feedback would be critical, and all material developments would be communicated through polls and town halls.
Wazirx plans to lift the withdrawal suspension for INR balances starting August 26. Withdrawals will be enabled in two stages, allowing users to access up to 66% of their INR balances.
In the first phase, from August 26 to September 8, users can withdraw up to half of this limit.
The second phase, from September 9 to September 22, will allow users to withdraw the full 66%.
To ease the withdrawal process during this challenging time, Wazirx has also reduced withdrawal fees by 60%, lowering the cost from INR 25 to INR 10.
Wazirx expressed regret over the disruption caused by the cyberattack and acknowledged users’ difficulties.
On July 18, WazirX experienced a significant security breach, leading to the theft of $234.9 million in cryptocurrency assets. The hack was first detected by Web3 security firm Cyvers, which noticed multiple suspicious transactions originating from WazirX’s Safe Multisig wallet on Ethereum.
The breach prompted WazirX to take immediate action, including securing the remaining assets and temporarily pausing cryptocurrency and Indian rupee withdrawals on the platform.
In response to the attack, WazirX announced on X that it was “actively investigating the incident” and would provide updates as the situation evolved. The exchange has since focused on restoring user trust and enhancing its security measures, with plans to publish a list of new wallets after completing asset migration.
Liminal, a digital asset custody firm, released a report suggesting that compromised WazirX machines might have caused the exploit, adding further complexity to the situation.
On August 14, WazirX announced that it was migrating the remaining assets held with Liminal to new multi-signature (multisig) wallets requiring multiple signatures for transaction validation.
In WazirX’s case, their multisig wallet had six authorized signers—one from Liminal and five from WazirX.
Amid these security efforts, the hacker responsible for the breach converted nearly $150 million of altcoins into Ether, likely in an attempt to prevent the funds from being frozen or blacklisted.
Following the hack, WazirX conducted scheduled maintenance on August 16, during which they reversed all trades made after the withdrawal stoppage on July 18.
While users can now see their funds in their accounts, the exchange has yet to provide a clear timeline for when withdrawals will be resumed.
This lack of clarity, coupled with WazirX’s initial proposal of a socialistic loss-sharing model of 55/45, has fueled investor frustration and opposition.