WazirX Files Police Complaint After $230M Hack, Engages With India’s Cyber Crimes Unit

As a long-term crypto investor and someone who has closely followed the Indian cryptocurrency scene for several years, I find the recent developments at WazirX deeply concerning. The news of a $230 million hack is alarming, and I’m closely monitoring the situation as it unfolds.

WazirX, the cryptocurrency exchange, has reported a major cyberattack to the police following an incident on Thursday that resulted in approximately $230 million being stolen from their platform.

The company has additionally notified the Indian Computer Emergency Response Team (CERT-In) about the occurrence, as mentioned on X. By reaching out to CERT, the company might be requesting assistance from India’s leading organization that handles computer security emergencies.

Yesterday, WazirX announced that they are taking steps to address a security breach in which $230 million worth of cryptocurrency was taken from one of their wallets. The exchange indicated that other exchanges were assisting them and disclosed their initial plans: investigating the origin of the stolen funds, recovering customer assets, and conducting a thorough examination of the cyber attack. WazirX also revealed that they are working with forensic experts and law enforcement agencies to identify the culprits behind the hack.

As a crypto investor, I understand that the next course of action may involve the filing of a First Information Report (FIR) following a complaint. In the Indian context, if the authorities deem it necessary after receiving a complaint, they will prepare an FIR for potential investigation. This step could potentially lead to a more thorough examination of WazirX’s financial records, operating systems, and security protocols by the police.

CERT-In did not immediately respond to CoinDesk’s request for comment.

As a crypto investor, I’d put it this way: The Finance Ministry in India hasn’t responded to my queries. With no clear regulations in place due to the lack of passed cryptocurrency legislation in parliament, the industry operates largely outside the purview of various authorities, except for the Financial Intelligence Unit (FIU-India), which monitors financial transactions for potential money laundering and terrorist financing activities.

WazirX, a registered entity under India’s Financial Intelligence Unit (FIU) under the Ministry of Finance, has submitted a report regarding an occurrence to the authority. Nevertheless, the PMLA empowers the FIU primarily to oversee financial transactions. Since this incident pertains to a security breach and not a monetary transaction, it falls outside the FIU’s jurisdiction. The FIU refused a personal request for comment on the matter.

In India, there isn’t any specific regulation for cryptocurrencies yet. It is essential for the industry to have a clear understanding of regulatory guidelines regarding security protocols, risk management, and consumer protection, as suggested by Joanna Cheng, Fireblocks’ Associate General Counsel in an email to CoinDesk. Additionally, regulatory oversight would ensure that cryptocurrency exchanges catering to a significant retail clientele are responsible for their actions or lack thereof.

Sumit Gupta, the co-founder of CoinDCX, reached out to WazirX to offer assistance to their customers. He is open to exploring ways in which CoinDCX can provide support.

India’s crypto advocacy body, the Bharat Web3 Association did not immediately respond to a comment.