Following a $235 million hack, WazirX has proposed a $23 million bounty to the hacker for returning the stolen funds, as part of a broader recovery effort.
Points
- WazirX suffered a $235 million hack and offers a $23 million bounty for the return of stolen funds.
- The exchange aims to unite the community and prevent further losses.
- The breach was not due to a phishing attack but involved sophisticated multi-signature failures.
WazirX, a prominent Indian cryptocurrency exchange, recently suffered a $235 million hack. In response, the platform has proposed a 10% bug bounty to the attacker, totaling $23 million. This initiative is part of a broader bounty program aimed at recovering the stolen assets.
On July 21, WazirX announced this bounty program, offering $23 million to the hacker for returning the stolen funds. Additionally, the exchange is providing up to $10,000 in USDT to individuals who can provide actionable intelligence leading to the freezing of the stolen assets.
Initially, WazirX had offered a 5% reward, amounting to $11.5 million. However, on-chain investigator ZachXBT advised the firm to increase the offer due to the possible involvement of North Korea’s Lazarus group.
“A $10 million bounty means nothing if it is indeed Lazarus Group as they are not going to just hand over the funds or be located and held legally accountable. 5% is lower than 10%+ industry standard,” he stated.
WazirX co-founder Nischal Shetty emphasized that the bounty program seeks to unite the community and recover the stolen funds. He noted that while the exchange explores partial withdrawals, it needs additional time to determine the best approach.
Shetty clarified that the hack was not the result of a phishing attack. The breach required four points of failure in the signing process, involving three signatures from separate devices, each using different hardware wallets located at various sites. This complexity underscores the sophistication of the attack.
Since the incident, blockchain data indicates that the attackers have been liquidating the stolen assets for Ethereum. WazirX has suspended its platform operations, filed a police report, and notified the Financial Intelligence Unit (FIU) and CERT-In.
“The world has more good people than bad and I genuinely believe that if the entire global community comes together, we can find the perpetrators and recover the stolen funds. We’ve all been working on growing the Web3 ecosystem and we cannot give up at this time. We’ve been attacked but we have to get back up and fight,” Shetty added.
解説
- Hack Details: The breach was sophisticated, involving multiple points of failure in a multi-signature process. This indicates a high level of planning and execution by the attackers.
- Bounty Program: By offering a substantial bounty, WazirX aims to incentivize the community to help recover the stolen funds. This approach reflects a proactive strategy to mitigate the impact of the breach.
- Community Response: The emphasis on community unity and collective effort highlights the importance of collaboration in the crypto space. The response to the hack demonstrates the resilience and determination of the WazirX community to overcome challenges.