2024 WazirX hack
Cyberattack and cryptocurrency theft
From Wikipedia, the free encyclopedia
On 18 July 2024, WazirX, an Indian cryptocurrency exchange, reported a cyberattack in which approximately US$230 million (around ₹2,000 crore) in digital assets was stolen from a multisignature wallet used under a third-party custody arrangement with Liminal Custody.[1][2] Global analysis later linked the attack to the Lazarus Group, a North Korea–associated threat actor that targets crypto infrastructure worldwide.[3]
| Date | July 18, 2024 |
|---|---|
| Type | Cyberattack; cryptocurrency theft |
| Target | WazirX |
| Outcome | Approx. US$230–235 million stolen; withdrawals and trading suspended |
| Suspects | Attributed to the Lazarus Group |
Background
WazirX is an Indian cryptocurrency exchange founded in 2018 which allows users to buy, sell, and trade cryptocurrencies such as Bitcoin (BTC), Ethereum (ETH), XRP, and other popular digital assets.[4]
In July 2024, Indian cryptocurrency exchange WazirX experienced a large-scale cyberattack resulting in the theft of approximately $230 million (₹2,000 crore) in digital assets from a multisignature wallet maintained through a third-party custody arrangement. This wallet was accessible via WazirX’s custody partner Liminal Custody.[5]
Aftermath
After discovering the breach on 18 July 2024, WazirX publicly disclosed the incident. WazirX halted all cryptocurrency and INR withdrawals on 18 July 2024 and paused trading on 21 July 2024. User balances were restored to their state as of 18 July 2024 (1:00 PM IST), effectively undoing trades made between the hack and the trading halt. A First Information Report (FIR) was filed with the Special Cell in New Delhi. One individual, SK Masud Alam, was arrested for opening a "mule" account (under the alias Souvik Mondal) that facilitated the hack.[6][7]
WazirX terminated its custody agreement with Liminal and began moving assets to other secure institutional partners. Over the ensuing months, WazirX reported the incident to international and domestic cybercrime agencies and focused on asset recovery, legal restructuring, and planning for an eventual platform restart.[8][9][10]
Forensic findings
According to a report by Mandiant dated 14 August, the cyberattack on WazirX originated from Liminal Custody, which was a Singapore-based security partner of the crypto exchange.[11]
According to WazirX, the attack did not affect the exchange’s hot wallets or primary trading platform infrastructure and was confined to the externally managed multisig custody environment. Liminal Custody disputed aspects of the forensic methodology and conclusions.[12]
However, investigative developments in India added further scrutiny to the custody provider’s response. Reports related to the incident noted that the Delhi Police Intelligence Fusion and Strategic Operations (IFSO) unit alleged that Liminal failed to provide critical logs and technical data associated with the date of the breach. While responses were submitted, authorities stated that the required technical information was not fully provided.[13][14]
Singapore High Court restructuring
On 13 October 2025, the High Court of Singapore sanctioned (with modifications) a creditor-approved restructuring scheme submitted by Zettai Pte Ltd., WazirX’s Singapore-based entity, after the proposal was supported by about 95.7% of creditors by number and 94.6% by value.[15] The Scheme of Arrangement was pursued under Singapore’s Insolvency, Restructuring and Dissolution Act and included steps to restructure liabilities, a pro-rata distribution of rebalanced assets (approx. 85% of claim value), and the issuance of Recovery Tokens (RTs) for potential future distributions.[16] Following the court sanction, the endorsed scheme was filed with Singapore’s Accounting and Corporate Regulatory Authority (ACRA).[17]
Platform restart
After the restructuring scheme became legally effective, WazirX restarted operations within ten business days, on 24 October 2025, and returned 85% of funds to users. The platform introduced a temporary 0% trading-fee offer.[18] On resuming operations, the exchange migrated custody to global institutional crypto custody providers such as BitGo and implemented additional security measures.[19][20][21]
During the restructuring process, WazirX continued court proceedings and creditor engagement, including a creditor vote reported as showing high participation and renewed support for the restructuring scheme after an earlier proposal was rejected by the Singapore court.[22] The exchange later resumed operations under revised custody arrangements and implemented additional security measures, including the use of institutional custody providers such as BitGo.[23][24]