Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
WazirX Offers $23 Million Bounty to Hacker After $235 Million Breach

WazirX Offers $23 Million Bounty to Hacker After $235 Million Breach

BeInCryptoBeInCrypto2024/07/21 14:41
By:BeInCrypto

WazirX, a prominent Indian cryptocurrency exchange, recently suffered a $235 million hack. In response, the platform has proposed a 10% bug bounty to the attacker.

This move is part of a broader bounty program aimed at recovering the stolen assets. 

WazirX Reveals $23 Million Bug Bounty Initiative

On July 21, WazirX announced a bounty program offering $23 million to the hacker for returning the stolen funds . Additionally, the exchange is providing up to $10,000 in USDT to individuals who can provide actionable intelligence leading to the freezing of the stolen assets.

Initially, WazirX had offered a 5% reward, amounting to $11.5 million. However, on-chain investigator ZachXBT advised the firm to increase the offer because of the possible involvement of North Korea’s Lazarus group .

“[A] $10 million bounty means nothing if it is indeed Lazarus Group as they are not going to just hand over the funds or be located and held legally accountable. 5% is lower than 10%+ industry standard,” he stated .

Read more:  Crypto Project Security: A Guide to Early Threat Detection

WazirX co-founder Nischal Shetty emphasized that the bounty program seeks to unite the community and recover the stolen funds. He noted that while the exchange explores partial withdrawals, it needs additional time to determine the best approach.

“The world has more good people than bad and I genuinely believe that if the entire global community comes together, we can find the perpetrators and recover the stolen funds. We’ve all been working on growing the Web3 ecosystem and we cannot give up at this time. We’ve been attacked but we have to get back up and fight,” Shetty added .

The bounty initiative is part of WazirX’s effort to reclaim the $235 million lost in the July 18 breach , which the company described as a “force majeure event.” The breach was attributed to inconsistencies between Liminal’s interface data and the transaction details.

Shetty clarified that the hack was not the result of a phishing attack . He explained that the breach required four points of failure in the signing process. This included three signatures from separate devices, each using different hardware wallets located at various sites.

“Even if we assume that all 3 WazirX devices ended up going to a phished link (which is highly unlikely given their geographic separation and saved links), it would still fail on Liminal’s end since they’re the 4th signer and the signing occurs inside their systems and not on a browser (please don’t take this as a blame game, I’m detailing out the sequence of how things work and both parties are working hard to get to the root of this),” Shetty stated .

Read more:  15 Most Common Crypto Scams to Look Out For

Since the incident, blockchain data indicates that the attackers have been liquidating the stolen assets for Ethereum. WazirX has suspended its platform operations, filed a police report, and notified the Financial Intelligence Unit (FIU) and CERT-In.

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!

You may also like