New Delhi: The Delhi Police’s Special Cell arrested an accused in connection with the cyberattack on cryptocurrency exchange firm, WazirX on Wednesday. The cyberattack resulted in the theft of digital assets worth approximately Rs 2,000 crore. 

The accused identified as SK Masud Alam, was a resident of West Bengal, and is accused of facilitating the cyberattack by setting up a fake account used to breach WazirX’s platform.

According to a chargesheet filed by the Delhi Police, Alam created an account on WazirX under the alias Souvik Mondal and then sold the account to another individual, identified as M Hasan, through the messaging platform Telegram. Hasan is believed to have used the account to access the exchange and carry out the attack, which led to the loss of a large sum of digital assets. 

The investigation, led by the Delhi Police’s Intelligence Fusion and Strategic Operations (IFSO) division, found out that cybercriminals allegedly drained the exchange’s hot wallet, which is used to store funds for quick access, and made an unsuccessful attempt to breach the cold wallet — a more secure storage option for digital assets kept offline. 

The police’s probe also reveals complications stemming from WazirX’s partner, Liminal Custody, a digital asset custody solutions firm responsible for securing the exchange’s wallets. 

Despite multiple notices from the authorities, Liminal failed to cooperate, withholding crucial information needed to trace the perpetrators behind the heist. The chargesheet notes that this lack of cooperation from Liminal Custody significantly hampered the investigation, and the firm’s role in the breach will be further addressed in a supplementary chargesheet.

In addition to Alam’s arrest, investigators seized three laptops from WazirX, which were used by authorised signatories to approve transactions. These laptops are central to the investigation into the misuse of multi-signature wallets, which require multiple keys to authorise a transaction. The police have found no evidence of unauthorised access to WazirX’s internal systems, either locally or remotely.

The cyberattack, which occurred on July 18, 2024, saw the theft of over $230 million (around Rs 2,000 crore) in digital assets from WazirX. The breach involved a multi-sig wallet with six signatories — five from WazirX and one from Liminal Custody. The attack resulted in the loss of nearly 45 percent of the exchange’s holding assets, triggering widespread concern in the cryptocurrency community.

WazirX, one of India’s largest cryptocurrency exchanges, has cooperated fully with authorities during the investigation, providing critical data such as Know Your Customer (KYC) details and transaction logs. 

The exchange, launched in 2018, facilitates the buying, selling, and trading of various cryptocurrencies like Bitcoin, Ethereum, and others, and is integrated with Binance, a global cryptocurrency exchange.