WazirX co-founder Nischal Shetty has announced a bounty program to help the exchange recover or freeze funds stolen in the exchange’s recent hack.
As reported earlier this week by crypto.news, the exploit saw losses amounting to more than $234 million in several cryptocurrencies.
According to an X post from Shetty, the bounty program was launched earlier today. WazirX had initially proposed a $11.5m total bounty for recovering the assets, but the co-founder later said it was updated to $23m after the intercession of crypto security sleuth ZachXBT.
Shetty said the bounty program was a way for the exchange to get assistance from the crypto community in its quest to recover the money stolen in the July 18 cyberattack.
According to WazirX’s official blog, the program consists of two initiatives. The first is a track and freeze bounty, aimed at helping locate and freeze the stolen assets. The second is a white hat recovery bounty, offering a reward of 10% of the recovered amount to those who assist in retrieving the funds.
The exchange has publicly shared an ERC20 wallet address for the return of the stolen funds as can be seen below.
The crypto community on X has raised concerns over how “sluggish” measures taken to recover the funds have been, with some speculating on how the hack happened. Plenty of guesses have leaned towards the Lazarus Group’s involvement.
Although the exchange is optimistic some of the funds can be recovered, blockchain analytics firm Arkham confirmed the hacker sold $102m worth of SHIB, which was part of the funds stolen.
Speculation on WazirX exploit method
An X user gave a breakdown on how the hack might have happened, insinuating that Shetty and the security team at WazirX were “sleeping while all these happened.”
The X user believes the hacker modified the contract defining transaction procedures without detection. It’s reported that the attacker then captured signatures from three separate keyholders during failed transactions.
These signatures were subsequently used to create a test transaction that met Laminal’s approval criteria, paving the way for larger unauthorized transfers.
Shetty disagreed with the allegations, insisting Liminal’s security measures verify transaction correctness and checks for whitelisted addresses before signing. Furthermore, he went on to say Liminal only signs transactions initiated within its own system, not external ones, regardless of other signatures.
WazirX co-founder said the exchange is now awaiting Liminal’s detailed report on the incident, as well as forensic analysis of the three WazirX devices involved.