Could recent accusations against WazirX uncover the truth behind the July hack, or are dissatisfied users sparking baseless conspiracy theories?
WazirX under scrutiny “again”
On July 18, India’s cryptocurrency community was shaken when WazirX, the nation’s largest crypto exchange, reported a significant hack. Approximately $235 million (₹2,000 crore) was taken from a single wallet, with initial suspicions directed at the infamous Lazarus Group from North Korea.
The exchange promptly attributed the breach to outside forces, but the story has since taken an unexpected turn. On November 26, a vocal group of WazirX users, united under the slogan “Justice for WazirX Users,” claimed on X that this might not have been an international cyberattack at all — but rather an inside job.
Their assertions are supported by a comprehensive timeline of events leading up to the hack, depicting a platform struggling with financial difficulties, regulatory scrutiny, and operational turmoil, arguing that the circumstances surrounding the breach are too coincidental to overlook.
Could this truly have been an inside job? Or are these suspicions merely a product of frustration and a growing sense of distrust? Let’s explore the facts from all perspectives and see what insights they might provide.
The dominoes leading to the hack
According to a viral Twitter thread, WazirX’s issues didn’t start with the hack — they trace back to February 2022, when the Indian government imposed a 30% tax on crypto profits.
For WazirX, this policy resulted in a sudden drop in revenue. The once-thriving exchange found itself dealing with decreased user activity and declining profits — a concerning sign for any business in the fiercely competitive crypto market.
Two months later, in April 2022, WazirX’s founders, Nischal Shetty and Siddharth Menon, permanently moved to Dubai.
With the Indian crypto ecosystem facing increasing scrutiny, their departure raised uncomfortable questions: was this a strategic move to shield themselves from regulatory pressures, or simply a routine relocation that the public misunderstood?
The situation worsened in August 2022 when India’s Enforcement Directorate froze $8 million worth of WazirX’s assets, alleging involvement in money laundering. Although WazirX denied these claims, the raid damaged the exchange’s reputation and imposed significant operational strain.
In January 2023, the challenges escalated when Binance — the global crypto giant and WazirX’s former partner— severed all ties with the exchange. Citing governance disputes, Binance demanded the transfer of funds, effectively cutting off a vital support system.
By January 2024, matters became more complicated when India outright banned Binance, forcing many Indian users to move their funds back to WazirX, significantly increasing its reserves.
The exchange reportedly concentrated $235 million (₹2,000 crore) in a single wallet while distributing another $333 million (₹2,500 crore) across 250,000 smaller wallets. For some, this was a ticking time bomb, given the inherent risks of centralising such a large amount in one place.
The hack itself occurred in July 2024, depleting the $235 million stored in that single wallet. However, critics quickly raised significant questions. Why would WazirX consolidate such a large sum in one vulnerable location?
Was this sheer negligence — or something more calculated, perhaps even a staged hack?
A web of allegations and discrepancies
The aftermath of the WazirX hack has only become more complicated as new allegations and financial discrepancies continue to surface.
Amid rising frustration, the YouTube channel Crypto India examined WazirX’s second affidavit and financial statements in September, revealing critical issues related to the platform’s operations and transparency.
WE CHECKED WAZIRX ZETTAI’S FINANCIAL STATEMENTS
One major revelation from WazirX’s affidavit is its moratorium application in Singapore, which aimed to restructure its obligations following the hack. Initially, the platform reported that the total value of funds during the hack was $570 million, with $234 million stolen — a theft rate of 42%. This figure was later adjusted to $546 million, now suggesting that 45% of the funds were taken.
The discrepancy arises from WazirX initially including INR balances managed by Zanmai Labs, its Indian entity, in the financial records of Zettai, its Singapore-based arm, highlighting weak internal controls, further diminishing user confidence.
Moreover, out of 4.2 million users, only 431 showed support for the moratorium, representing just 0.01% of the total user base. Financially, these supporting users account for liabilities of $9.2 million — far below the $410 million threshold needed for the moratorium’s approval.
Adding to the doubts is a key revision in WazirX’s financial statements. The situation becomes even murkier when scrutinising WazirX’s financial records. Zettai reported revenues of $108 million in 2022 and $12 million in 2023, but the expense patterns are concerning.
For instance, $79 million — nearly 80% of its 2022 revenue — was spent on sales and marketing, with no detailed breakdown of how or where the funds were utilised. Another $15 million was listed under administrative expenses, yet these figures remain vague and unexplained.
Even more troubling, liabilities worth $23 million were grouped into the ambiguous category of “Others,” accounting for 99% of total liabilities — a significant red flag in financial reporting that suggests potential obfuscation.
The controversy has spilled into legal action, with rival platform CoinSwitch filing a lawsuit against WazirX in September to recover funds allegedly trapped on the platform after the hack.
CoinSwitch, a former partner of Zanmai Labs, claims WazirX has failed to clarify whether its tokens were stored in secure wallets or those compromised in the hack.
Despite WazirX’s claims of an uncompromised infrastructure, the absence of audit reports or detailed incident analyses leaves users in uncertainty, unsure of what truly transpired — or whether their remaining assets are secure.
WazirX’s plan to refund users
Amid increasing pressure and unresolved questions following the July hack, WazirX has introduced a structured plan to compensate its creditors. While the plan promises eventual repayment, it comes with conditions that require users to absorb an immediate loss.
Central to this effort is the launch of a “rebalancing calculator,” now operational on the platform, which calculates the exact amount owed to each creditor. However, users are facing a 48% haircut on their funds — a loss that WazirX claims will be addressed gradually over time.
During the company’s fourth town hall on November 6, WazirX shared details of its repayment plan. The exchange intends to settle 52% of total creditor claims using its current liquid assets.
This amount will be distributed on a pro-rata basis, meaning users will receive a percentage of what they’re owed based on the size of their claims.
To address the remaining 48% of liabilities that cannot be immediately repaid, WazirX will issue Recovery Tokens to creditors. Each token will represent $1 and serve as a placeholder for the outstanding funds.
These tokens can be redeemed in the future, contingent upon WazirX successfully restarting operations and generating revenue.
To achieve this, the exchange has outlined a multi-faceted strategy that includes launching new business initiatives and boosting trading activity.
WazirX’s CEO, Nischal Shetty, has also hinted at plans to launch a decentralised exchange, which he believes could become India’s largest within a year.
In addition to the DEX, WazirX aims to resume operations on its centralised platform, betting on a surge in trading volumes during the current bull market to drive revenue.
Arrests, allegations, and unanswered questions
In October, the Delhi High Court heard a petition filed by investor Jaivir Bains, alleging that WazirX merged funds from hacked and unhacked accounts to mitigate losses — an approach that reportedly affected unaffected investors.
The petitioner’s counsel argued that these actions violated the exchange’s user agreement and regulatory standards, urging an investigation by the Financial Intelligence Unit (FIU) and the ED.
The petition also raised concerns about the adequacy of oversight mechanisms, highlighting that stolen funds had been transferred to Singapore, potentially complicating recovery efforts.
While acknowledging the seriousness of the allegations, the court noted a lack of prima facie evidence to determine whether the hack was externally orchestrated or a self-inflicted cover-up.
The bench concluded that grievances such as fund merging and withdrawal restrictions were civil matters better suited for resolution in civil courts. However, it directed the Assistant Commissioner of Police to investigate the complaint and involve regulatory authorities should new evidence arise.
Adding a new twist to the unfolding drama, the Delhi Police’s Special Cell recently arrested SK Masud Alam, a resident of West Bengal, in connection with the cyberattack.
According to the chargesheet, Alam allegedly created a fake account under the alias “Souvik Mondal” and sold it on Telegram to another individual, M. Hasan, who reportedly used it to breach WazirX’s systems.
The petition also claims that state authorities, including the FIU, have failed to act decisively, potentially due to bureaucratic interference. With millions of dollars at stake and trust hanging by a thread, the WazirX case is only growing more complex with each passing moment.
A system failing its people
The WazirX hack case remains shrouded in uncertainty. Whether it was a sophisticated external attack or an inside job disguised as one, the truth has yet to surface.
However, the incident has not only exposed vulnerabilities in crypto platforms but also highlighted the shortcomings of India’s regulatory and legal systems in managing such crises effectively.
Since the hack in July 2024, millions of users have been left in distress, with many facing financial ruin. Social media is now filled with heart-wrenching stories of investors grappling with the loss of their life savings.
Reports have emerged of victims resorting to extreme measures, including falling into severe debt to cover their losses, selling personal assets such as homes and vehicles, and, in tragic cases, even contemplating suicide.
Nearly five months after the hack, India’s regulatory and enforcement bodies have been slow to respond. The FIU and the ED, tasked with financial compliance and investigating money laundering, have largely remained on the sidelines.
Meanwhile, the focus of the case has shifted overseas. With WazirX’s restructuring program under review by the Singapore High Court, critical decisions about user repayments and the platform’s future are being made outside Indian jurisdiction.
The irony is striking: a predominantly Indian user base is now seeking justice through a legal system halfway across the globe while their own government lags behind.
Whether the hack was an external breach or an inside job may take months — or even years — to ascertain. For now, the distress of the users serves as a sobering reminder of the consequences of systemic failures.
