On July 18, 2024, North Korean hackers, thought to be the Lazarus Group, attacked WazirX, India’s biggest cryptocurrency exchange, and stole $235 million, over half of its reserves.
The breach hit a multisig wallet and took advantage of a flaw in Liminal’s custody interface, which let attackers change transaction payloads and steal money. This event, which was one of the biggest crypto heists in the world, affected 15 million users, stopped trade, and shattered people’s faith in India’s crypto industry.
Recovery Efforts and Restructuring
In response to the security breach, WazirX swiftly halted withdrawals to mitigate further losses and hired forensic companies like ZeroShadow and Mandiant Solutions to find the stolen assets. $3 million in USDT was frozen by January 2025.
This was a minor but important step. The exchange started a reward program that offered up to $10,000 in USDT for useful information. They also filed a First Information Report (FIR) with the Delhi Police under the IT Act.
Zettai Pte Ltd, the entity that owns WazirX, asked Singapore’s High Court for a moratorium so that it may restructure its debts through a Scheme of Arrangement. The plan was approved by 93.1% of creditors in April 2025.
It provides customers 85% of their portfolio value (as of July 18, 2024) within 10 business days of court approval, which is expected by June 2025. Users will get original tokens when they can, or USDT for assets that are hard to sell. They will also get Recovery Tokens (RTs) that are linked to future earnings and asset recoveries.
Legal and Financial Challenges
WazirX has made progress, but it still has a lot of problems to solve. CoinSwitch, a competing exchange, is suing for $9.65 million in money that is stuck there. Users don’t like the platform’s “socialised loss” model, which spreads losses evenly across all accounts.
Investors were upset about the July 18, 2024, cut-off date for portfolio valuation since rising crypto values have made their prospective losses bigger. India’s unclear rules about cryptocurrencies make it harder to recover, and the fact that INR balances are frozen and there are still disagreements with Zanmai Labs makes things even more murky.
Rebuilding Trust and Safety
WazirX is working on rebuilding. To make the site safer, they are working with BitGo Trust, a registered custodian that has $250 million in insurance. The exchange is also moving to a decentralised exchange (DEX) architecture to allow consumers more control over their assets.
This will fix the problems that the attack showed with centralised exchanges. To make sure everyone is following the rules, a mandatory Re-KYC process is going on that is in line with FIU rules.
One year later, WazirX’s investors are still stuck, dealing with money problems and legal issues. The reorganisation plan gives us optimism, but it won’t work unless the courts approve it, assets are still being recovered, and users trust the company again. The theft shows how important it is for India’s crypto business to have better cybersecurity and clearer rules.
India is the leader in crypto adoption, but it doesn’t do enough to protect consumers. As WazirX deals with this situation, its ability to keep its commitments will affect its viability and the future of crypto in India.
