- Delhi Police arrested a suspect linked to the $234M WazirX cyberattack, uncovering a Telegram-facilitated scheme to sell crypto account credentials.
- WazirX suspects hackers exploited its hot wallet replenishment system, with investigations ongoing into the stolen funds and potential payloads.
In a significant breakthrough following the $234 million cyberattack on cryptocurrency exchange WazirX, the Intelligence Fusion and Strategic Operations (IFSO) unit of Delhi Police has arrested an individual linked to the heist. The chargesheet, based on initial findings, reveals key details of the investigation.
The cyberattack, which occurred in July, saw hackers allegedly drain more than $230 million worth of assets from WazirX. The exchange filed a First Information Report (FIR) in New Delhi a day after the attack. Investigators traced suspicious activity to a WazirX user who had joined the platform just a week before the hack. This trail eventually led to an individual from Medinipur, West Bengal.
According to the chargesheet, the accused revealed during interrogation that he had been approached on Telegram by a buyer offering payment for WazirX crypto accounts together with their login credentials. Telegram’s features, such as anonymous account creation and end-to-end encryption, made it difficult to trace the conversations.
The accused then sought out a person willing to open a WazirX account in that person’s name using their KYC details, without that person retaining control of the account. These credentials were subsequently sold via Telegram to an individual identified as M Hasan for a payment of 8 USDT (approximately ₹677), which was sent to the accused’s Binance account. A screenshot verifying the transaction served as evidence in the investigation, leading to the accused’s arrest. Authorities have issued a notice to Telegram to obtain information on M Hasan’s identity.
An independent lawyer familiar with the case said:
“The Special Cell has issued notices to various authorities, including those managing the implicated IP addresses and VPN services. As responses come in, a supplementary chargesheet will be filed, and further suspects identified during the investigation will also be charged.”
The chargesheet also details how the hackers exploited WazirX’s system of transferring funds from cold wallets to replenish hot wallets, using the opportunity to drain large amounts of GALA tokens. WazirX has since reached out to Indian and international exchanges to block and freeze the hackers’ wallets.
Laptops used by Zanmai Labs’ authorized signatories to access the exchange’s multisig wallets were seized for forensic examination. Initial analysis revealed no unauthorized access, but further scrutiny is pending.
WazirX has not responded to Crypto India Magazine’s queries regarding the investigation.