Web3 security firm Cyvers has detected “multiple suspicious transactions" involving WazirX’s Safe Multisig wallet on Ethereum.
According to an X post, it is believed that $234.9 million of funds in the Safe Multisig wallet of the Indian crypto exchange have been moved to a new address, with each transaction’s caller funded by Tornado Cash, the decentralized protocol for private transactions.
The address has already swapped shifted funds comprised of Tether (USDT), Pepe (PEPE), and Gala (GALA) into Ether (ETH).
Related: Binance to return to India after paying $2M fine for non-compliance: Report
Over $210 million left to offload
According to a Telegram post in the “Investigations by ZachXBT” channel, crypto sleuth ZachXBT announced that the suspected primary attacker address still has over $104 million to dump.
The wallet was mainly composed of around $100 million Shiba Inu (SHIB), $52 million ETH, and $11 million Polygon (MATIC).
It also held $4.7 million FLOKI, $3.2 million Fantom (FTM), $2.8 million Chainlink (LINK), $2.3 million Fetch.ai (FET), and the remaining funds split between a wide range of other tokens.
Related: OKX terminates services in India, asks users to withdraw funds by April 30
WazirX suspends withdrawals
In response to the security breach, the Indian exchange has temporarily paused the withdrawal of cryptocurrencies and Indian rupees on the platform.
In an X post by the official exchange, the WazirX team explained that they are “actively investigating the incident” and will post updates as the situation unfolds.
Cointelegraph contacted WazirX to comment on the safety of user funds and measures to recover the stolen crypto assets. However, the team stated that a response was “not possible at this time.”
Related: Binance severs ties with Indian crypto exchange WazirX
India remains a tricky domain for crypto
On March 21, the Financial Intelligence Unit (FIU) of the Indian Ministry of Finance issued compliance notices to multiple foreign crypto exchanges, including OKX.
The notice sent to Indian OKX users requested they close their accounts and redeem funds before April 30, as the exchange stated it was “no longer providing services to users in India.”
Although discussions have been ongoing for almost four years by the Indian government, the regulatory framework for the crypto market in India remains uncertain.
Magazine: Saudi Arabia’s Riyadh may be crypto’s sleeping giant: Crypto City Guide