Over 50 days have passed since the biggest crypto cyber hack of India- the WazirX hack- that resulted in the theft of Rs 2000 crores worth of cryptocurrencies from the exchange.
 
 An estimated 4.5 million Indian users of WazirX have been hit by the hack and as per legal experts, it is highly unlikely that users will be able to get even 60% of their funds back.
 
According to WazirX management, the security breach occurred at one of their multi signature digital wallets on July 18 after which unknown hackers stole various cryptocurrencies worth $234 Million. The theft resulted in loss of 45% investor funds totalling above Rs 2000 crores, thereby forcing the exchange to approach Singapore High Court for a moratorium application.
 
 What has transpired since the July 18 hack of WazirX exchange depicts a classic tale of denial and obfuscation by the exchange management, apathy of the Indian government towards crypto users and legal loopholes exploited by major crypto exchanges to shirk any responsibility towards user funds. 


In short, the WazirX exchange hack and subsequent tussle shows that crypto users in India are left on their own, with minimal help either from exchanges or the government.


WazirX Hack is a wake up call: What can Indian Exchanges learn?


The recent WazirX hack serves as a crucial wake-up call for all Indian cryptocurrency exchanges. 


Severe Security Flaws by WazirX


The breach exposed severe flaws in WazirX’s security practices, including the risky decision to store 45% of user funds in a single cold wallet, excessive dependence on custody partners without additional security measures, and failure to stop illegal trading immediately after the incident.


Importance of Transparency and Security


The WazirX hack stresses upon the need for exchanges to enhance security by diversifying fund storage, verifying transactions thoroughly and not depending completely on a third party for security. The WazirX management has also failed to maintain the importance of transparent communication and fair policy adjustments to protect user trusts. Indian exchanges must take these lessons seriously to prevent similar failures and ensure the safety and trust of their users.


Need for Enough Reserves


Indian exchanges must focus on showing to customers that they have enough reserves, proving they can meet their financial obligations, and being clear about their responsibilities to build user trust. Regular third party checks, transparent financial reports, and smooth withdrawal processes are key to maintaining trust. By learning from WazirX’s mistakes, other exchanges should focus better on security practices and policies that put users first.


Need for Accountability


One of the most striking aspects of the post-WazirX hack tussle is the lack of responsibility prevalent in the exchange management especially by its co-founder Nischal Shetty. Nischal has blamed their erstwhile security partner Liminal Custody for breach of their multi-sig wallet. A month later, Nischal revealed that he or the other co-founders are no longer owners of WazirX and that the exchange is under a legal dispute between parent company Zettai Pte Ltd and Binance over ownership. The legal tussle is that neither Zettai nor Binance wants to take ownership and responsibility of WazirX exchange. Hazy background deals and obfuscations like these are something that Indian exchanges must definitely avoid.


What Indian Crypto Investors can Learn from WazirX Hack?


The recent WazirX hack fiasco comes with a few important lessons for Indian investors and serves as a stark reminder of how unpredictable and volatile the world of cryptocurrencies is. As the Indian government has refused to identify cryptocurrencies as legal tender, the WazirX users are not really left with many options as they are at the mercy of exchanges that shirk responsibility.


Here’s a guide to safeguard your investments based on lessons from the WazirX incident.


User Agreement: Always read carefully the exchange’s user agreement before depositing funds. The user agreement document outlines your rights, the exchange’s responsibilities, and the protocols for handling security breaches. A thorough understanding of the terms can prevent unpleasant surprises and ensure that you understand the exchange’s obligations as well as disclaimers.


Proof of Reserves (PoR): Verify whether the exchange provides a public Proof of Reserves. This audit should be conducted by a reputable third party and regularly updated. Public PoR helps confirm that the exchange holds sufficient assets to cover user deposits and maintains financial integrity.


Insurance: Check if the exchange offers insurance coverage for user funds. Insurance acts as a financial safety net in the event of a breach or other issues. If an exchange does not provide insurance, assess the risk and think about how it could affect the safety of your investment.


Company Research: Conduct comprehensive research on the exchange. Investigate its history, reputation, financial stability, and management team. A well-established and reputable exchange with a strong track record is less likely to put your assets at risk.


Wallet Addresses: Ensure that the exchange discloses its wallet addresses. Transparency in wallet addresses allows you to track and verify the security of your assets. It also helps in understanding the extent of any potential security breach.


Third-Party Audit: Confirm if the exchange undergoes regular third-party audits. Independent audits assess both the security protocols and financial stability of the exchange. This practice maintains credibility and provides assurance about the exchange’s operational integrity.


Crypto Withdrawals: Evaluate the exchange’s withdrawal policies. A reliable exchange should have clear, efficient, and timely withdrawal processes. Avoid platforms that impose frequent delays or restrictions on accessing your funds.


Proof of Liability: Determine if the exchange can provide proof of liability. This means the exchange should be able to demonstrate its capacity to meet all user claims, particularly in the aftermath of a security incident.


Holding Split: Check how the exchange manages and splits its holdings. Funds should be distributed across multiple cold wallets or vaults to reduce risk. An exchange that keeps a more portion of funds in a single wallet is at high risk of being hacked.


INR Holding Ratio: Understand the exchange’s INR holding ratio. Transparency regarding fiat holdings, such as INR, is important for assessing the exchange’s financial practices and stability.


Proof of Solvency: Look for proof of solvency, such as balance sheets or financial statements. These documents should detail the exchange’s assets, liabilities, and overall financial health, giving you a clearer picture of its stability and transparency.


Audit Inclusion: Ensure that your assets are included in the exchange’s audits. This means you should be able to verify that your funds are accounted for and secure as per the audit reports.


For Users: Investors need to be proactive in protecting their assets. By following these aspects, you can lower the risks and make informed decisions about where to invest. Always prioritize exchanges that are transparent, robust security measures, and user-centric policies.


Conclusion


WazirX’s mishandling of the hack is a valuable lesson for both Indian investors and exchanges. It underscores the need for careful research and highlights crucial areas where exchanges must improve. For Indian investors, this incident is a reminder to stay alert and well-informed to safeguard their investments effectively. Remember, the old school ‘Do Your Own Research’ (DYOR) lesson never goes out of fashion.


 




(Disclaimer: Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Cryptocurrency is not a legal tender and is subject to market risks. Readers are advised to seek expert advice and read offer document(s) along with related important literature on the subject carefully before making any kind of investment whatsoever. Cryptocurrency market predictions are speculative and any investment made shall be at the sole cost and risk of the readers.)