The accused allegedly opened a WazirX account under a fake name and sold it via Telegram to another individual, who then allegedly used it to breach the crypto exchange.
The Delhi Police has arrested an individual in connection with the cyberattack on cryptocurrency exchange firm, WazirX, which resulted in losses of around Rs 2,000 crore in digital assets. The accused, SK Masud Alam, a resident of West Bengal, had set up a fake account to facilitate the cyberattack.
Alam was arrested by Delhi Police’s Special Cell from West Bengal’s East Midnapore district. His arrest is seen as a breakthrough in the case, as investigators continue to unravel the complex web of crypto transactions involved.
In a chargesheet filed by the Delhi Police, Alam is accused of opening a WazirX account under the name Souvik Mondal and selling it via Telegram to another individual, M Hasan, who then allegedly used it to breach the crypto exchange. The chargesheet also cited the alleged non-cooperation of Liminal Custody, a digital asset custody solutions firm responsible for securing WazirX’s wallets, in the case.
The investigation, conducted by Delhi Police’s Intelligence Fusion and Strategic Operations (IFSO) division, centres around the hacking of WazirX’s platform. Cybercriminals allegedly drained WazirX’s hot wallet, followed by an attempt on the cold wallet, which holds funds offline with added security measures.
In the course of the probe, Delhi Police attempted to gather crucial information from Liminal Custody. Despite multiple notices, the chargesheet reveals that Liminal failed to provide requested details, raising questions regarding its security protocols and accountability.
Police noted that Liminal’s lack of cooperation complicated efforts to trace the full chain of events behind the massive crypto heist. The chargesheet stated that Liminal’s role will be further addressed in a supplementary chargesheet as the investigation progresses.
To probe the alleged misuse of multi-sig wallets (using multiple keys to authorise bitcoin transactions), investigators seized three laptops from WazirX that were used by authorised signatories for approving the transactions. As per the chargesheet, WazirX has fully cooperated with authorities, providing critical data such as KYC details and transaction logs.
The investigation, supported by the Indian Cyber Crime Coordination Centre (IFSO), found no evidence of unauthorised access to WazirX’s systems, either locally or remotely.
ABOUT WAZIRX CYBERATTACK
The WazirX cyberattack occurred on July 18, resulting in the theft of over $230 million (about Rs 2,000 crore) in digital assets. The breach involved a multi-sig wallet with six signatories, five from WazirX and one from Liminal Custody.
The security breach led to WazirX losing nearly 45 per cent of its holding assets.
WazirX allows users to buy, sell, and trade various cryptocurrencies like Bitcoin, Ethereum and others. Launched in 2018, it provides a platform for spot trading, staking, and peer-to-peer transactions and offers features like a native utility token (WRX) and integration with Binance, a global cryptocurrency exchange.