In a breakthrough in the investigation of a $235 million hack on the WazirX cryptocurrency exchange, Delhi Police have arrested a man from Bengal suspected of involvement in the theft.
According to a police chargesheet shared with Cointelegraph, the breach didn’t arise from internal system vulnerabilities but was executed through a fake account sold via Telegram to a third party who exploited it.
During the investigation, WazirX reportedly cooperated by providing hardware, Know Your Customer records and transaction logs required for the inquiry.
The Indian Cyber Crime Coordination Centre (IFSO) confirmed that WazirX’s internal systems were uncompromised, offering external validation of the exchange’s security measures, which had previously faced scrutiny.
Chargesheet details
The Delhi Police chargesheet clarified that the breach did not result from vulnerabilities within WazirX’s systems but was instead initiated through external access obtained via deceptive practices.
The chargesheet also stated that the hackers accessed WazirX’s multisignature wallet, depleting it of crypto tokens valued at $235 million. It stated:
“It was suspected that [the suspect] was the part of well organized gang of hackers who breached [WazirX’s] platform by opening fictitious account.”
According to the chargesheet, the accused joined the investigation and disclosed that a “buyer of crypto account through Telegram” offered him a “good amount” for WazirX crypto accounts.
Independent security validation
An independent review of the breach by the IFSO validated that WazirX’s systems were not compromised, affirming the exchange’s stance on the robustness of its security framework.
However, the investigation encountered challenges with third-party services responsible for managing the Indian exchange’s digital assets, indicating that delays in cooperation slowed the data collection process.
WazirX blamed Liminal for the breach
On Oct. 22, Liminal Custody, WazirX’s digital custody partner, released an update responding to what it called the Indian crypto exchange’s “disinformation campaign.”
The “disinformation campaign” referred to WazirX allegedly deflecting blame onto Liminal by sharing misleading information through data disclosures and accusing Liminal of being responsible for the breach.
Liminal’s statement said that WazirX had retained over $175 million in assets on its platform 75 days post-breach despite accusing the digital custody partner of causing the breach.
A WazirX spokesperson told Cointelegraph that the exchange was “in the process of migrating the remaining assets held on Liminal to new multisig wallets.”