WazirX halts trading following $230 million exploit, offers bounty for recovered funds
Quick Take
- Indian crypto exchange WazirX, following the $230 million exploit it experienced on July 18, has halted trading across its platform.
- The company has also announced a recovery program, offering up to 10% of the hacked total ($23 million) for recovering the funds and up to $10,000 for assistance freezing the funds.
- However, evidence suggests North Korea’s Lazarus Group is the attacker, and assets are very rarely recovered from the group’s hacks.
Cryptocurrency exchange WazirX has halted trading across its platform as it deals with the fallout from a recent exploit, which saw $230 million drained from its wallet as the result of a private key compromise on July 18.
"The cyber attack theft has impacted our ability to maintain 1:1 collaterals with assets, and we've temporarily paused trading," WazirX wrote in an announcement post on X. WazirX's wallets were drained of over $100 million worth of Shiba Inu at the time, along with millions of dollars worth of MATIC tokens, PEPE tokens, USDT, and GALA tokens. The hacker, which evidence suggests may be the North Korean state-sponsored Lazarus Group, has since converted most of the siphoned assets into ether.
"We're conducting thorough forensic data examination and security audit procedures and working to enable withdrawals soon. User safety remains our top priority," the exchange wrote in its announcement post.
WazirX also announced the formation of a bounty program for assistance with tracking and freezing or returning the funds, inviting cybersecurity and blockchain experts to "join this critical mission and protect the integrity of the crypto ecosystem."
The company had originally offered 5% of the recovered funds as an incentive for assisting in their full return, but later doubled the reward to 10% following feedback from blockchain sleuth ZachXBT, according to the company's post. The company is also offering "up to $10,000 worth of USDT" for "actionable intelligence that leads to the freezing of the funds." The program will last three months, but that timeframe may be amended.
"$10M bounty means nothing if it is indeed Lazarus Group as they are not going to just hand over the funds or be located and held legally accountable. 5% is lower than 10%+ industry standard," ZachXBT wrote. ZachXBT also clarified that he himself would not be assisting in the investigation, writing, "I do not have the resources to follow a potential Lazarus group hack like this 24/7 as it requires many hours."
As ZachXBT noted, recoveries from hacks involving the Lazarus Group are incredibly rare. When $30 million was recovered in September 2022 from the infamous Lazarus Group-linked $600 million hack of Axie Infinity's Ronin Bridge, Chainalysis noted that it was the first time funds linked to North Korea's hacking group had been seized. Though not all hope is lost for WazirX; "...We’re confident it won’t be the last,” Erin Plante, senior director of investigations at Chainalysis, wrote at the time.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
