Indian Police Arrest Suspect in Connection with WazirX’s $234M Hack

Indian authorities have made a significant breakthrough in the ongoing investigation into the massive cyber attack on the cryptocurrency exchange WazirX, which resulted in losses amounting to $234 million. On November 14, 2024, police arrested SK Masud Alam, a West Bengal resident, who is believed to have played a crucial role in orchestrating the hack.

Suspect Allegedly Created Fake WazirX Account for Hack

According to a chargesheet obtained by Cryptonews, Alam created a fraudulent account under the alias Souvik Mondal, which he later sold to another individual named M Hasan via Telegram. This account was allegedly used by Hasan to carry out the cyber attack on WazirX, one of India’s leading cryptocurrency exchanges.

The arrest is being hailed as a critical step in unraveling the complex web of transactions and identifying those behind the hack. Police are continuing to track down other possible suspects and follow the trail of funds that were siphoned from the exchange during the attack.

WazirX, however, has not provided any official comment on the matter, with a spokesperson stating that the case is currently subjudice.

Liminal Custody’s Role and Lack of Cooperation

The chargesheet also mentions Liminal Custody, the firm responsible for securing WazirX’s digital assets, which came under scrutiny during the investigation. Police reports indicate that Liminal was uncooperative when authorities requested critical information, despite several notices.

Initially, Liminal Custody had claimed that its audit reports showed no breach in WazirX’s front-end or user interface. However, after the attack, WazirX was forced to halt withdrawals on its platform. Investigators are questioning Liminal’s role in the incident, with further inquiries into their involvement expected in the next phase of the investigation.

Investigators Seize Laptops and Examine Wallets

As part of the investigation, authorities have also seized three laptops from WazirX that were used by authorized signatories for approving transactions. The seized equipment is being examined in relation to concerns about potential abuse of multi-signature wallets, which are typically used to enhance the security of transactions.

While WazirX has fully cooperated with the investigation, providing vital KYC (Know Your Customer) details and transaction records, the police have confirmed that there was no unauthorized access to the platform’s internal systems. Investigators were particularly focused on ensuring that no external or internal breach had occurred.

A Complex Investigation Still Unfolding

The arrest of Alam marks a significant development in the investigation, but authorities emphasize that the case is far from over. The full extent of the hacking operation is still being uncovered, and more arrests could follow as investigators continue to dig deeper into the chain of events that led to the massive loss.

In the meantime, the involvement of Liminal Custody remains under close scrutiny, and further updates on their role in the incident are expected to be revealed in a supplementary chargesheet. The case continues to raise questions about the security protocols surrounding cryptocurrency exchanges and their third-party custodians.