On July 18, 2024, WazirX, India's largest cryptocurrency exchange, suffered one of the most devastating cyberattacks in crypto history. Approximately $234.9 million in digital assets were stolen, wiping out nearly 45% of the platform's reserves. The breach affected millions of users and exposed critical vulnerabilities in centralized exchange security. This article provides a comprehensive breakdown of the attack, its aftermath, and the lessons every crypto investor should learn.
How the Hack Unfolded
The attack targeted a multisignature (multisig) Ethereum wallet managed jointly by WazirX and its custody provider, Liminal. Multisig wallets require multiple approvals to authorize a transaction; in this case, four out of six signatures were needed—three from WazirX and one from Liminal. Despite this layered security, the attackers executed a sophisticated social engineering campaign.
Blockchain analysis revealed that the hackers spent eight days preparing. They initially funded their operations via Tornado Cash on July 10, 2024. On July 18, they tricked WazirX and Liminal signatories into approving a malicious smart contract upgrade. Once approved, the update gave the hackers full control over the wallet, allowing them to bypass all signature requirements and drain the funds. Stolen assets included $97 million in Shiba Inu (SHIB) and $53 million in Ether (ETH).
After the theft, the hackers swiftly converted most stolen tokens into ETH and laundered them through Tornado Cash. By September 2024, only $6 million in traceable ETH remained. The precision, scale, and techniques used strongly point to the North Korean Lazarus Group, a state-sponsored hacking collective notorious for targeting crypto platforms. Their involvement makes fund recovery extremely unlikely, as the group rarely negotiates and operates beyond the reach of most law enforcement agencies.
Impact on Users and the Crypto Ecosystem
WazirX had approximately 15 million users, mostly in India, where crypto adoption has been rising. Immediately after the hack, the exchange suspended all withdrawals and trading, leaving users trapped. In response, WazirX proposed a controversial “socialized loss” plan, which would distribute the losses proportionally across all users instead of covering them fully. This sparked massive backlash, with some users filing lawsuits. In January 2025, a Singapore court approved a restructuring moratorium for WazirX, allowing the exchange to resume trading by February 2025. However, the compensation framework remains contentious—users are to be compensated based on asset prices as of July 18, 2024, ignoring subsequent price surges (e.g., SHIB rose from $102 million to $173 million).
The hack also had ripple effects across the industry. Indian regulators intensified discussions on cryptocurrency regulation, with calls for mandatory licensing, proof-of-reserves, and consumer protection frameworks. Many users began moving funds to decentralized exchanges (DEXs) and hardware wallets, eroding trust in centralized custodians. The incident further highlighted the lack of legal recourse for victims in India's unregulated crypto market.
Key Security Lessons for Crypto Investors
1. Never Concentrate Assets in One Wallet
WazirX stored roughly half of its reserves in a single multisig wallet, amplifying the damage from the breach. Security experts recommend spreading assets across multiple wallets and exchanges, and always keeping a significant portion in cold storage (hardware wallets).
2. Smart Contract Approvals Are a Major Risk Vector
The attack succeeded because signatories approved a malicious contract update without proper verification. For exchanges, rigorous auditing and decentralized custody solutions are essential. For individual investors, always double-check the source and content of any transaction approval request—especially when interacting with DeFi protocols.
3. Regulatory Frameworks Are Urgently Needed
The lack of clear crypto regulations in India left victims with almost no legal remedies. A well-designed regulatory framework could mandate insurance, proof-of-reserves, and enforceable recovery plans, protecting users from such catastrophic events.
4. Stay Vigilant Against Phishing and Social Engineering
Hackers often impersonate official platforms or send fake emails to trick users into revealing private keys or approving malicious transactions. Always verify URLs, enable two-factor authentication (2FA), and never share sensitive information online.
What’s Next for WazirX and the Industry
WazirX is now navigating a complex restructuring process. While the Singapore court's approval provides a path to resume trading, the recovery of stolen funds is virtually impossible. Only $3 million has been frozen, and the use of Tornado Cash combined with Lazarus Group's advanced laundering techniques leaves little hope for further recovery. The exchange also faces ongoing legal battles and user distrust.
This hack serves as a stark reminder that security in the crypto industry must evolve as quickly as the assets themselves. Centralized exchanges must implement multi-layered verification, real-time anomaly detection, and insurance funds. Meanwhile, investors must take personal responsibility for security: use hardware wallets, diversify holdings, and stay informed about platform practices. The WazirX hack is a costly lesson, but one that can drive meaningful improvements in how the entire ecosystem approaches asset protection.

