WazirX has announced a $23 million bounty program to recover assets stolen in a recent cyberattack. This initiative, launched by co-founder Nischal Shetty, seeks to involve the global community in tracking, freezing, and recovering the stolen funds.
The cyberattack, which targeted one of WazirX’s multisig wallets, resulted in the theft of over $230 million in assets. In response, WazirX has structured the bounty program into two key components.
The first component, “Track & Freeze,” offers rewards of up to $10,000 worth of USDT for actionable intelligence that leads to freezing the stolen funds. This incentive aims to encourage individuals with relevant expertise to provide crucial information.
The second component, “White Hat Recovery,” provides a 10% reward of the recovered amount, up to $23 million, for ethical hackers and cybersecurity experts. This increased reward reflects WazirX’s commitment to leveraging the skills of the white hat community to address the breach. By involving white hat hackers, WazirX hopes to utilize their specialized skills in identifying and recovering the stolen assets.
Nischal Shetty has emphasized the community’s role in this recovery effort. He announced on the social media platform X that the bounty program seeks global participation.
North Korean Hackers Suspected in $235 Million WazirX Cryptocurrency TheftShetty clarified that the attack was not due to phishing. Instead, it involved multiple hardware wallets and required four different signatures from two parties: WazirX and its custody provider, Liminal.
Liminal, which played a crucial role in WazirX’s security infrastructure, has stated that its platform was not breached. According to Liminal, their forensic analysis indicates that the malicious transactions originated from compromised machines at WazirX.
Besides launching the bounty program, Wazirx has taken several other measures to address the breach. The exchange has filed a police complaint and reported the incident to the Financial Intelligence Unit (FIU) and the Indian Computer Emergency Response Team (CERT-In). Additionally, WazirX has reached out to over 500 exchanges to block the identified addresses associated with the stolen funds.
This bounty program will run for three months from the date of the announcement, although WazirX reserves the right to amend this period based on requirements and results. By incentivizing the community and ethical hackers, WazirX aims to recover the stolen assets and reinforce the security of the crypto ecosystem.
