Arrest Marks Major Step in Unraveling Complex Cyberattack on Crypto Exchange
Indian authorities have made a significant breakthrough in the investigation into the massive $234 million hack of the cryptocurrency exchange WazirX, with the arrest of a suspect allegedly linked to the cyberattack. The attack, which occurred in July 2024, had left the popular exchange reeling, with its platform temporarily halting withdrawals in the aftermath. This arrest is seen as a crucial step towards understanding the intricate web of transactions and uncovering those responsible for the attack.
The Arrest and Alleged Role in the Hack
The suspect, SK Masud Alam from West Bengal, has been charged with creating a fake account on WazirX under the alias “Souvik Mondal.” According to reports, Alam sold this account through Telegram to another individual, M Hasan, who allegedly used it to carry out the cyberattack on the exchange. The resulting financial loss makes this one of the largest hacks in the crypto industry this year.
The Delhi Police, in their chargesheet, highlighted that Alam’s actions were part of a larger scheme to breach WazirX’s security and access significant amounts of funds. The account under the false identity was used as a gateway to execute the hack, though details about the exact mechanics of the attack remain under investigation.
Questions Around WazirX’s Security Measures
A key part of the investigation has been WazirX’s security measures, especially its collaboration with Liminal Custody, which is responsible for securing the exchange’s digital assets. The chargesheet alleges that Liminal Custody was uncooperative during the investigation, raising concerns about their role in the breach. Initially, Liminal had asserted that no breach had occurred in its front-end or user interface, but the situation changed after the attack, which led to the temporary suspension of withdrawals on WazirX.
Despite multiple requests for information, the authorities claim that Liminal Custody failed to provide crucial data that could have clarified the events surrounding the hack. The chargesheet indicates that Liminal’s involvement will be further scrutinized in an upcoming supplementary document, as investigators continue to piece together the sequence of events.
Multi-Signature Wallet Abuse and Seized Laptops
As part of the ongoing probe, investigators also raised concerns about the potential abuse of multi-signature wallets by the hackers. Multi-signature wallets require multiple private keys to authorize transactions, adding an extra layer of security. To examine whether that approval process was abused, the police seized three laptops from WazirX that were used by authorized signatories for transaction approvals, hoping to gather evidence that could reveal any potential abuse or unauthorized access.
The chargesheet notes that WazirX cooperated fully with the investigation, providing crucial data such as KYC (Know Your Customer) information and transaction records. With the assistance of the Indian Cyber Crime Coordination Centre (IFSO), investigators confirmed that there had been no unauthorized internal or external access to WazirX’s systems. This suggests that the attack may have been more focused on exploiting specific vulnerabilities related to the fake accounts and transactions facilitated by third parties.
Unanswered Questions and the Road Ahead
While the arrest of Alam is a significant step forward, many questions remain unanswered. Investigators will continue to probe the role of Liminal Custody and whether there were any lapses in security that allowed the hackers to bypass the platform’s defenses. The crypto exchange industry is notoriously prone to hacks, and this case has once again highlighted the challenges of securing digital assets and maintaining user trust.
As the investigation progresses, authorities will likely focus on tracking the flow of stolen funds and uncovering the broader network behind the attack. For WazirX, this breach has raised serious questions about its security protocols, and the crypto exchange will likely face heightened scrutiny from both regulators and users in the coming months.