In July 2024, WazirX—India’s largest crypto exchange at the time—became the epicenter of one of the country’s biggest digital asset heists. Hackers linked to the infamous Lazarus Group from North Korea drained over ₹2,000 crore ($235 million) worth of crypto from WazirX wallets. Users who trusted the platform woke up to see their funds evaporate—only to be told that it was a “force majeure” event, meaning the company claimed zero responsibility.
⚠️ How the Hack Was Pulled Off
- Multisig Security Breach: WazirX’s wallet structure used a multi-signature setup requiring its keys and those of its custodian, Liminal. Hackers exploited vulnerabilities to upgrade the smart contract, sidelining WazirX’s own control.
- Pre-Attack Practice Runs: Blockchain data later revealed that attackers tested their moves days before the final heist.
- Funds Drained: By the time the dust settled, the wallets were empty, leaving thousands of investors stranded.
🔍 Users Left to Fend for Themselves
The aftermath was brutal for retail investors:
- Withdrawals Frozen: WazirX stopped crypto withdrawals entirely, claiming no control over the stolen assets.
- No Reimbursements: The company made no commitment to return user funds.
- Legal Dead Ends: When 54 victims approached India’s Supreme Court seeking an investigation into WazirX’s leadership, the court