WazirX under scrutiny over 2000 crore hack: Government agencies launch investigation

WazirX is facing scrutiny after a significant cyber hack led to a Rs. 2,000 crore loss, prompting investigations by government agencies into the incident's impact on millions of users.

By: MD IJAJ KHAN
| Updated on: Oct 07 2024, 14:03 IST
This malicious Firefox add-on stole thousands of dollars in cryptocurrency
WazirX
1/6 A particular malicious add-on for Firefox, that goes by the name Safepal Wallet, has managed to scam users by stealing money from them and managed to live on the Mozilla add-ons store for seven months before getting detected and removed. (Pixabay)
image caption
2/6 Safepal is essentially a cryptocurrency wallet application that is capable of holding more than 10,000 types of assets, including Ethereum, Bitcoin, Litecoin, etc. However, Safepal is an official smartphone app that is available for Apple and Android both. There are no known “authentic” Safepal browser extensions. (BleepingComputer)
image caption
3/6 According to a post shared by a user who goes by the name Cali on the Mozilla Support forum, within a few hours of installing and logging in to the Safepal Wallet extension with their real Safepal credentials, they saw their wallet balance drop to $0 from $4,000.  (Mozilla Support Forum )
image caption
4/6 While investigating Safepal Wallet, BleepingComputer came across the phishing domain used by the add-on and this webpage was also listed as the "support site" link on the fake add-on's home page: https://safeuslife.com/tool/. WHOIS records indicate the this phishing site was registered in January this year via Namecheap. And BleepingComputer reported that at the time of them filing this report, the webpage is still live and it instructs people to key in their "12-word Backup Phrase in the correct order to pair your SafePal Wallet". (BleepingComputer )
image caption
5/6 Once the recovery phrase is entered and the form is submitted, the page refreshes without any noticeable response and the recovery phrase is sent to the attacker. A stolen recovery phrase can give attackers control over your wallet along with the ability to access and transfer funds. (Pixabay)
image caption
6/6 Five days after Cali publicly reported the incident, a Mozilla spokesperson responded to say that they were investigating the issue and the page for Safepal Wallet has since been removed by Mozilla. The Mozilla add-ons store now has one-star reviews posted by some users that are warning others to not download “Safepal Wallet”. (BleepingComputer )
WazirX
icon View all Images
WazirX is under government agencies radar after a significant cyber hack resulted in a Rs. 2,000 crore loss. (Pixabay)

WazirX, one of the largest cryptocurrency exchanges in India, is under investigation by various government agencies following a significant cyber hack that occurred in July. This breach led to a loss estimated at Rs. 2,000 crore (approximately $234 million), leaving millions of users concerned about their investments. Authorities are now looking into the implications of this incident on WazirX's customer base.

What agencies are involved in the investigation?

Authorities from the Financial Intelligence Unit (FIU), Intelligence Bureau (IB), and the Indian Computer Emergency Response Team (CERT-In) have initiated inquiries into the hacking incident. Reports indicate that officials have met with WazirX executives to gather information regarding the attack on the platform.

You may be interested in

MobilesTablets Laptops
11% OFF
Samsung Galaxy S24 Ultra
  • Titanium Black
  • 12 GB RAM
  • 256 GB Storage
Vivo X100 Pro 5G
  • Asteroid Black
  • 16 GB RAM
  • 512 GB Storage
12% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
Xiaomi 14 Ultra
  • Black
  • 16 GB RAM
  • 512 GB Storage

Also read: Apple reportedly begins assembling iPhone 16 Pro models in India

Also read
Looking for a smartphone? To check mobile finder click here.

What are the roles of CERT-In, IB, and FIU?

CERT-In, operating under the Ministry of Electronics and Information Technology, will handle the technical aspects of the investigation. The IB, which reports to the home ministry, will focus on security and counterintelligence issues. The FIU, under the finance ministry, will oversee financial transactions related to the hack.

Also read: Android users no longer have to worry about data if their phone is stolen, Google rolling out new feature

WazirX has complied with requests from these agencies, providing data that includes server logs, transaction trails, and blockchain addresses associated with the theft. The exchange has acknowledged that approximately 43 percent of its users may have lost funds due to the hack, with a significant impact on users in India.

Also read: iOS 18.1 release date: Here's when iPhone users may get Apple Intelligence

How are hackers exploiting the stolen assets?

Following the incident, hackers have begun to withdraw the stolen digital assets through the Tornado Cash platform, a decentralised cryptocurrency mixer that operates on Ethereum-compatible networks according to a report by the news agency IANS. Additionally, recent reports have emerged indicating that WazirX removed a video from its YouTube channel. This video featured a live town hall session that claimed to guarantee “100 percent profits from any crypto price appreciation in future with users.” 

The ongoing investigation highlights the increasing scrutiny of cryptocurrency platforms and the need for stronger security measures in the digital asset sector.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 07 Oct, 14:02 IST
NEXT ARTICLE BEGINS