In West Bengal, Delhi Police arrested a major suspect, marking a breakthrough in the $235M WazirX hack case.
Delhi Police have made progress in their investigation into the $235M hack of the cryptocurrency exchange WazirX by apprehending a Bengali man who may have been involved in the theft.
A police chargesheet provided to Cointelegraph claims that the breach was carried out not through internal system flaws but using a phony account that was sold on Telegram to a third party, who then took advantage of it.
WazirX allegedly assisted with the investigation by supplying the necessary hardware, transaction logs, and Know Your Customer data.
The exchange’s security procedures, which had previously come under investigation, were externally validated by the Indian Cyber Crime Coordination Centre (IFSO), which concluded that its internal systems were uncompromised.
Chargesheet Information
The Delhi Police chargesheet made it clear that the breach was caused by external access gained through dishonest means rather than by flaws in the systems.
According to the chargesheet, the hackers gained access to WazirX’s multisignature wallet and drained $235M worth of cryptocurrency tokens. It said:
“It was suspected that [the suspect] was the part of well organized gang of hackers who breached [WazirX’s] platform by opening fictitious account.”
The chargesheet states that the accused joined the investigation and revealed that he was given a “good amount” for WazirX cryptocurrency accounts by a “buyer of crypto account through Telegram.”
Independent Verification Of Security
WazirX’s position on the strength of its security framework was supported by an independent IFSO examination of the breach, which confirmed that the company’s systems were not affected.
The investigation did, however, run into issues with third-party services in charge of overseeing the digital assets of the Indian exchange, suggesting that a lack of collaboration slowed down the data collection process.
WazirX Attributed Intrusion To Liminal
WazirX’s digital custody partner, Liminal Custody, responded to the Indian cryptocurrency exchange’s “disinformation campaign” with an update on October 22.
According to Liminal, the campaign passed false information through data releases and charged that Liminal was at fault for the breach, thereby shifting the responsibility onto Liminal.
Despite blaming the digital custody partner for the incident, WazirX kept more than $175 million in assets on Liminal’s platform 75 days after it happened, according to Liminal’s statement.
WazirX was “in the process of migrating the remaining assets held on Liminal to new multi-sig wallets,” a representative for the exchange informed Cointelegraph.