Crypto and web 3 industry body Bharat Web3 Association (BWA) is creating two new internal groups focused on cybersecurity and consumers in the wake of WazirX’s $230-million security breach, chairman Dilip Chenoy has told Moneycontrol.
Both groups will have representatives from all its members, which include WazirX, Coinbase, Polygon, CoinDCX, CoinSwitch, Biconomy, Liminal, Tax Nodes, Giottus and Hike. The industry body will also review and update its existing consumer code guidelines.
India’s largest exchange WazirX lost 45 percent of its holding assets on July 18 after one of its multisig wallets was hacked, allegedly by North Korea’s Lazarus Group in a state-sponsored cyber attack.
Multisig wallets are crypto wallets that require two or more private keys to unlock and withdraw funds.
The industry body has been monitoring the situation and has been in touch with both the members involved – WazirX and Liminal, Chenoy told Moneycontrol on July 30. “We have asked both of them to do a complete forensic analysis and root cause analysis on the issue and evaluate the legal and remedial actions that can be taken post this incident,” he said. BWA also suggested a third-party evaluation of the forensic report.
He said, “We have agreed to create two groups to look at how to address such issues from both cybersecurity and consumer perspective going forward. They will be looking into this (WazirX) issue as well to come up with solutions.”
Also read: Sent records to CERT-In, in touch with FIU, regulators: WazirX’s Nischal Shetty
The cybersecurity group will have chief information security officers (CISOs) from the member firms who will come up with standard operating procedures (SOPs) and solutions in case of a repeat of WazirX.
Chenoy said that until now the industry body has been focusing on FIU-IND (Financial Intelligence Unit—India) registration and anti-money laundering issues, and then this unprecedented cyberattack occurred.
“We have advised our members to be extra vigil around cybersecurity. We have agreed on having independent discussions with cyber experts as well as within our ecosystem to strengthen the industry from threats. The members have also been cooperating with various government agencies and will continue to do so,” Chenoy said.
In an interview with Moneycontrol, WazirX’s founder and CEO Nischal Shetty said the exchange has sent its records to CERT-In (Indian Computer Emergency Response Team) and is in constant touch with the FIU and regulators.
There’s an understanding within the government agencies that WazirX were the victims of a planned hack, he said.
What has happened so far
According to the third-party blockchain analytics tool, Lookonchain, the stolen assets worth $230 million from WazirX included $102 million in Shiba Inu, $52.5 million in Ethereum, $11.24 million in Matic, $7.6 million in Pepe coin, $135 million in Tether, and $3.5 million in Gala.
As the investigation continues, WazirX has temporarily paused withdrawals and trading of crypto assets on its platform.
On July 27, WazirX came up with a proposed recovery plan to socialise the loss and open up the platform for trading.
Going by this recovery route, the exchange suggested that irrespective of whether the customer’s assets have been stolen, they would be able to access and trade around 55 percent of their portfolio tokens at any given point and the remaining 45 percent would be converted to USDT (stablecoin) and locked.
While the recovery plan options are still under consideration, the exchange is seeking customers’ votes till August 3 on the same. The 55/45 suggested got a lot of flak from customers and WazirX’s peers.
Moneycontrol has exclusively reported that WazirX also reached out to former partner Binance for support, as it continues to control a significant chunk of its revenue and WRX tokens which were valued at $80 million on the day of the hack.
This has impacted WazirX’s ability to utilise its funds to repay affected customers.
With a state-sponsored hacking organisation Lazarus Group being involved, the issue is also gaining international attention.
The US intelligence agency Federal Bureau of Investigation (FBI) reached out to WazirX to get information on the nature of the attack.
Lazarus Group is notorious for attacking several other global crypto exchanges as well.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
| 1W returns0.31% |
| 1W returns0.21% |
| 1W returns-2.01% |
| 1W returns-4.49% |
| 1W returns-4.60% |
| 1W returns-5.17% |
| 1W returns-5.57% |
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
