WazirX Launches $23M Bounty Program After $234M Crypto Hack

WazirX co-founder Nischal Shetty has announced a bounty program to help the exchange recover or freeze funds stolen in the exchange’s recent hack.

The exploit saw losses amounting to over $234 million in several cryptocurrencies. The WazirX team is actively working on the next steps:

• Preparing a bounty program to help freeze and recover the stolen assets.
• Continuing to trace fund movements with the assistance of expert teams.
• Informing relevant authorities and stakeholders.

According to an X post from Shetty, the bounty program was launched earlier today. Initially, WazirX proposed a $11.5 million total bounty for recovering the assets, but this was later updated to $23 million after the intercession of crypto security expert ZachXBT.

The total bounty has been updated to $23M thanks to ZachXBT for the suggestion.

Shetty stated that the bounty program aims to get assistance from the crypto community in recovering the money stolen in the July 18 cyberattack.

According to WazirX’s official blog, the program consists of two initiatives:

Track and Freeze Bounty

This initiative aims to locate and freeze the stolen assets.

White Hat Recovery Bounty

Offering a reward of 10% of the recovered amount to those who assist in retrieving the funds.

The exchange has publicly shared an ERC20 wallet address for the return of the stolen funds.

Community Concerns

The crypto community on X has raised concerns over the “sluggish” measures taken to recover the funds, with some speculating on how the hack happened. Many guesses have leaned towards the involvement of the Lazarus Group.

$10M bounty means nothing if it is indeed Lazarus Group as they are not going to just hand over the funds or be located and held legally accountable.

Although the exchange is optimistic about recovering some of the funds, blockchain analytics firm Arkham confirmed the hacker sold $102 million worth of SHIB, part of the stolen funds.

Speculation on WazirX Exploit Method

An X user broke down how the hack might have happened, suggesting that Shetty and the security team at WazirX were “sleeping while all these happened.”

Allow me to elaborate this WazirX Hack. The attacker changed the contract which defines how the transactions are carried out.

The user believes the hacker modified the contract defining transaction procedures without detection. It’s reported that the attacker then captured signatures from three separate keyholders during failed transactions. These signatures were subsequently used to create a test transaction that met Laminal’s approval criteria, paving the way for larger unauthorized transfers.

Shetty disagreed with the allegations, insisting that Liminal’s security measures verify transaction correctness and check for whitelisted addresses before signing. Furthermore, he mentioned that Liminal only signs transactions initiated within its own system, not external ones.

WazirX is now awaiting Liminal’s detailed report on the incident, as well as forensic analysis of the three WazirX devices involved.

For more updates on the latest cryptocurrency news, continue exploring Global Crypto News.