The Indian cryptocurrency exchange WazirX has recently faced another significant setback. The Delhi Police have detained SK Masud Alam from West Bengal, who is suspected of involvement in a substantial hacking incident. According to reports from Indian news channel India Today, this cyber theft took place in July, compromising virtual currencies valued at approximately Rs 2,000 crore (around $230 million). This amount represents nearly 45% of the exchange’s total assets.
The Accused and the Alleged Scheme
The central figure in this case is Alam, who has been accused of executing transactions through a WazirX account. This account was reportedly created under the alias ‘Souvik Mondal’. It is alleged that this account was used to facilitate sales via Telegram to a second individual, M Hasan. Hasan purportedly used this account to carry out abusive practices on the platform. The cyber assault targeted both the WazirX hot wallet and cold wallet. The hot wallet is used for day-to-day transactions, whereas the cold wallet, which is offline, holds the majority of the funds.
Investigative Insights and Internal Dynamics
The IFSO division’s investigation has not identified any external malicious attacks on WazirX systems. This suggests that the incident might involve internal manipulation, with multiple parties possibly complicit. It also raises pressing questions about the internal security practices and protocols at cryptocurrency exchanges and emphasizes the need for robust and secure operational frameworks.
Role of Liminal Custody and the Security Gaps
Liminal Custody, responsible for managing WazirX’s digital wallets, has come under scrutiny in this investigation. The police claim that the company hesitated to provide requested information, despite repeated appeals for cooperation. This lack of responsiveness has reportedly hindered the investigation. The Delhi Police continue to probe Liminal’s ‘incident management protocols and response mechanisms’, with further clarifications expected in a forthcoming chargesheet.
WazirX’s Response and the Path Forward
In response to the breach, WazirX has been proactive in sharing Know Your Customer (KYC) documents and transaction records with regulatory authorities. These efforts aim to assess the true scale and methodology of the hacking incident. As digital assets become increasingly integrated into the financial landscape of India, establishing a robust security infrastructure and ensuring legal compliance will be critical. This will help prevent similar incidents in the future and safeguard the interests of stakeholders.