Saturday, November 23
  • WazirX has filed a police complaint and engaged with the Indian Computer Emergency Response Team.

  • The company also said it was “collaborating with forensic experts and law enforcement agencies to identify and apprehend the perpetrators.”

Crypto exchange WazirX has filed a police complaint after it suffered a $230 million hack on Thursday.

The firm has also reported the incident to the Indian Computer Emergency Response Team (CERT-In), it said on X. Engaging with CERT could mean it is seeking the help of India’s premier agency which responds to computer related security incidents.

The development comes a day after the crypto exchange saw $230 million in withdrawals in a security breach affecting one of its wallets. WazirX said “many exchanges” were “cooperating” with them and that their immediate plans included “tracing the stolen funds, recovering customer assets, and conducting a deeper analysis of the cyber attack.” The company also said it was “collaborating with forensic experts and law enforcement agencies to identify and apprehend the perpetrators.”

The next step will be a First Information Report (FIR), a person familiar with the matter told CoinDesk. In India, after a complaint is filed, a First Information Report (FIR) is prepared by the police if they determine an official investigation is required. Involving the police could mean further scrutiny of WazirX’s books, operating systems and security standards.

CERT-In did not immediately respond to CoinDesk’s request for comment.

India’s Finance Ministry declined to comment. Since cryptocurrency remains unregulated in the absence of a legislation passed in parliament the sector remains out of the ambit of almost all authorities except, in a limited way, the Financial Intelligence Unit (FIU-India).

WazirX, which is registered with FIU-India, which falls under the Finance Ministry, has sent the body an incident report. However, the FIU is mandated with monitoring transactions under the nation’s Prevention of Money Laundering Act (PMLA). Given the WazirX incident is a security breach, the incident does not fall under the FIU’s ambit. The FIU declined an in-person request to comment.

“There is no crypto-specific regulation in India so far, and the industry would benefit from clear regulatory expectation on issues like security standards, risk management, and consumer protection,” Joanna Cheng, Associate General Counsel at Fireblocks told CoinDesk via an email. “Regulatory intervention in this space would also mean that exchanges that service large numbers of retail customers are held accountable for their actions (or inaction).”

Sumit Gupta, the co-founder of CoinDCX, another prominent Indian cryptocurrency exchange, told CoinDesk that they had “reached out WazirX to extend our support to their customers and are open to ideas and suggestions on how we could support them.”

India’s crypto advocacy body, the Bharat Web3 Association did not immediately respond to a comment.

Edited by Parikshit Mishra.

Share.