Following a recent security breach that resulted in the theft of a staggering $230 million worth of digital assets, WazirX, India’s largest crypto exchange, has temporarily halted trading activities on its platform.

The incident began when WazirX’s multi-signature (multisig) wallet, which requires multiple private keys for transactions, was compromised. This type of wallet is considered highly secure due to the need for multiple signatories to authorize withdrawals. However, in this case, the security was breached due to a discrepancy between the data shown on the wallet interface and the actual transaction contents. This allowed hackers to gain unauthorized access to the wallet and siphon off substantial funds.

WazirX acknowledged the breach in a post on X, noting that the theft had critically impacted their ability to maintain a 1:1 collateral ratio with assets, prompting the temporary suspension of trading activities.

The financial impact of this cyber attack is substantial. According to WazirX’s proof of reserve report from June 10, 2024, the exchange’s total holdings amounted to ₹4,203.88 crore (approximately $503.64 million). With $230 million stolen, WazirX has lost nearly half of its reserves. The exchange is now undertaking a forensic investigation and security audit to identify the breach’s full impact and prevent future occurrences.

In response to the breach, the Mumbai-based WazirX has paused all trading and withdrawal activities on its platform to prevent further losses and secure the remaining assets. The crypto exchange has also initiated a bounty program aimed at recovering the stolen funds. This program is set to offer rewards of up to $10,000 for information leading to the freezing of the stolen assets, as well as a 10% incentive (up to $23 million) for successfully recovering the funds.

“On July 18, 2024, WazirX experienced a cyber attack on one of our multisig wallets, resulting in the theft of digital assets exceeding $230 million. This wallet was managed using Liminal’s digital asset custody and wallet infrastructure. As a result of the attack, our ability to maintain 1:1 collaterals with assets has been deeply impacted.”, it said.

This bounty program will run for a period of three months, WaxirX noted, adding that the rewards shall be payable in “USDT or in the form of recovered funds at the sole discretion of WazirX.” Additionally, the crypto exchange is collaborating with over 500 other exchanges to block the identified addresses associated with the stolen funds. The exchange has also engaged with expert groups specializing in cryptocurrency transaction tracking to aid in the recovery process.