In light of the recent $230 million hack at WazirX, the Bharat Web3 Association (BWA) is intensifying its efforts to boost cybersecurity and protect consumers in India’s crypto sector.
Led by Dilip Chenoy, the BWA has set up two specialized groups to tackle these urgent issues and thoroughly investigate the WazirX breach.
BWA’s New Cybersecurity and Consumer Protection Initiatives
Local media reports that one of the new groups is focusing solely on cybersecurity. This team includes chief information security officers (CISOs) from various member firms who are working on creating standard operating procedures (SOPs) and implementing measures to prevent similar breaches in the future.
The second group is dedicated to consumer protection, ensuring that guidelines are current and user interests are well-guarded.
Chenoy emphasized that a detailed investigation into the breach is ongoing, with the BWA maintaining close communication with the affected parties, WazirX and Liminal, to ensure a thorough review of the incident. He stated, “We have asked both WazirX and Liminal to conduct a complete forensic analysis and root cause analysis, and to evaluate the legal and remedial actions that can be taken post-incident.”
To ensure fairness, the BWA has recommended an independent third-party review of the forensic report to guarantee a comprehensive and unbiased analysis of the breach.
Addressing Current Cybersecurity Challenges
The newly formed cybersecurity group includes CISOs from member firms. Their task is to create SOPs and solutions to prevent incidents similar to the WazirX hack. Traditionally, the BWA has focused on regulatory compliance, such as registering with the Financial Intelligence Unit and implementing anti-money laundering measures. However, this incident has underscored the need for a stronger focus on cybersecurity.
The BWA’s members include major players like Coinbase, Polygon, CoinSwitch, Liminal, Biconomy, Tax Nodes, Giottus, and Hike. The association will now also involve WazirX’s local rival, CoinDCX, in its new initiatives. These teams will review and update existing consumer protection guidelines and address current cybersecurity challenges.
Details of the WazirX Hack
On July 18, WazirX, India’s largest cryptocurrency exchange, lost 45% of its holdings after one of its multisig wallets was hacked. The attack, allegedly carried out by North Korea’s Lazarus Group, is believed to be state-sponsored. Multisig wallets require multiple private keys to access, making the breach particularly alarming.
Chenoy advised members to be extra vigilant about cybersecurity. He stated, “We have agreed to hold independent discussions with cyber experts and within our ecosystem to fortify the industry against threats.”
WazirX is cooperating with various government agencies, including CERT-In and the Financial Intelligence Unit (FIU). WazirX’s founder and CEO, Nischal Shetty, noted that the exchange has shared its records with authorities and is in ongoing communication with regulators, who understand that WazirX was a victim of a planned attack.
Impact on WazirX and Recovery Efforts
The stolen assets, worth $230 million, included $102 million in Shiba Inu, $52.5 million in Ethereum, $11.24 million in Matic, $7.6 million in Pepe coin, $135 million in Tether, and $3.5 million in Gala.
In response to the hack, WazirX has temporarily suspended withdrawals and trading. On July 27, the exchange proposed a recovery plan that would allow customers to access and trade 55% of their portfolio tokens, with the remaining 45% converted to USDT and locked. Customers can vote on this proposal until August 3.