In response to the recent WazirX cyberattack that led to the theft of $230 million from one of its multisig wallets, WazirX -- India’s largest cryptocurrency exchange -- has temporarily paused trading on its platform. This follows an earlier suspension of withdrawals after hackers compromised the wallet’s private keys. To recover the funds lost in the WazirX cyberattack, the company has also launched a Bounty Program, offering significant rewards for valuable information and assistance in retrieving the stolen assets. In a social media post, the company announced the launch of its bounty program. According to the official release, the initiative invites the community to participate through two key bounty opportunities. The first, "Track & Freeze," offers rewards of up to $10,000 in USDT for actionable intelligence that leads to freezing the stolen funds. The second, "White Hat Recovery," offers a 10% reward of the recovered amount, with a maximum of $23 million, to white hat hackers who assist in recovering the stolen assets. This bounty program will be active for three (3) months from the date of this announcement. However, the duration of the program may be adjusted—either extended or shortened—based on evolving needs and results, with or without prior notice to participants, the release stated. The bounty program is open to all individuals except current and former WazirX employees and their immediate family members. To qualify, participants must provide detailed submissions, including addresses, transactions, and tracking and recovery methodologies. Additionally, all participants are required to maintain confidentiality and refrain from sharing any information with third parties. The social media post concluded with the statement: "Your expertise and collaboration are essential in our efforts to secure and recover the stolen funds."

Mitigation Measures for the WazirX Cyberattack

Following the cyberattack on WazirX, the company has implemented several immediate and comprehensive measures to address the situation. The exchange has filed an online complaint via the National Cyber Crime Reporting Portal and is in the process of submitting a physical complaint. Additionally, WazirX reported the incident to the Financial Intelligence Unit (FIU) India and CERT-In. Further, WazirX has reached out to over 500 exchanges to block the identified addresses linked to the theft, with many exchanges cooperating and assisting in the recovery efforts. The company is also engaging with cybersecurity experts to support its investigation and recovery initiatives. To ensure asset safety, WazirX has temporarily suspended INR and cryptocurrency deposits and withdrawals. In addition, all trading activities have been paused to allow for a thorough examination of affected systems, forensic data, and a comprehensive security audit. This decision, prompted by concerns over the partial collateralization of assets, will enable the exchange to thoroughly examine affected systems, conduct forensic analysis, and conduct a rigorous security audit.

WazirX Cyberattack: A Major Blow to the Crypto Community

WazirX is actively engaged in analyzing forensic data and working with experts to determine effective recovery strategies. This significant breach has had a major impact, affecting numerous users and raising serious concerns about the security of digital assets. While WazirX has assured users that their safety and security are top priorities as they deal with this complex situation, the cyberattack has once again brought attention to the vulnerabilities in the digital asset space. This incident highlights the ongoing need for stronger security measures in the cryptocurrency world. WazirX has started tracking and blocking some of the stolen funds, but details about these efforts are not yet available. The company has promised to keep users updated regularly and address any new concerns that come up. This story is still developing, and The Cyber Express will keep you informed with the latest updates as more information becomes available.

A global cryptocurrency derivatives exchange BitMEX (HDR Global Trading Limited) admitted guilt on Wednesday to violating the Bank Secrecy Act by "willfully" flouting U.S. anti-money laundering (AML) regulations. This admission, following previous actions against its founders, exposes significant vulnerabilities in cryptocurrency exchange oversight.

The Department of Justice (DoJ) accused BitMEX of operating from 2015 to 2020 as a "vehicle for large-scale money laundering and sanctions evasion schemes." The exchange allegedly failed to implement a "Know Your Customer" (KYC) program, a cornerstone of AML compliance that verifies user identities and helps prevent illicit activities.

"By only mandating lax service access credentials, BitMEX not only failed to comply with nationally required anti-money laundering procedures designed to protect the US financial markets from illicit actors and transactions, but knowingly did so to increase the business’s revenue," said FBI Assistant Director Christie M. Curtis, highlighting a deliberate effort to circumvent regulations. This raises concerns about the potential for other cryptocurrency exchanges to exploit similar loopholes.

The DoJ charges echo a 2022 guilty plea by Gregory Dwyer, BitMEX's first employee, for violating the Bank Secrecy Act. Prosecutors previously secured convictions against the exchange's founders for similar offenses. These actions demonstrate a coordinated effort to hold BitMEX and its leadership accountable.

BitMEX Founders Also Admitted Guilt and Received Sentences

In 2022, the three founders of BitMEX pleaded guilty to the same charges as Dwyer. Judge Koeltl took into account the exchange's belated efforts to implement AML and KYC controls during sentencing.

36-year-old Florida resident Hayes, the former CEO, received a six-month home detention sentence and two years of probation. 38-year-old Delo was sentenced to 30 months of probation and allowed to return to Hong Kong. The judge found Reed slightly less culpable than the other founders and sentenced the Massachusetts resident to 18 months of probation in July.

Both, Hayes and Delo agreed to pay a $10 million fine, at the time. All three founders – Hayes, Delo, and Reed – still own BitMEX.

The founders also reached a settlement agreement with the Department of Treasury. The agreement did not require them to admit or deny allegations that BitMEX "processed over $200 million in suspicious transactions and failed to report nearly 600 suspicious activities," according to the DOJ.

Cryptocurrency's Regulatory Struggles

The case also underscores the ongoing struggle to regulate the cryptocurrency space. While the Commodity Futures Trading Commission (CFTC) imposed a $100 million civil penalty on BitMEX in 2021 for related violations, the lack of a centralized authority creates challenges in enforcing AML and KYC requirements across the entire cryptocurrency ecosystem.

This incident serves as a wake-up call for regulatory bodies. It necessitates a collaborative effort to establish clear and comprehensive AML/KYC frameworks for cryptocurrency exchanges. Strengthening international cooperation and information sharing is also crucial to combatting money laundering and other illicit activities within the crypto sphere.

Recently, the FBI warned of the financial risks associated with using unregistered cryptocurrency transfer services, especially considering potential law enforcement actions against these platforms. The warning focussed on crypto transfer platforms that operate without proper registration as Money Services Businesses (MSB) and fail to comply with anti-money laundering regulations mandated by the U.S. federal law.

The future of BitMEX remains uncertain. The exchange faces potential financial penalties and could struggle to regain user trust. The DOJ had earlier noted that "due to the lack of KYC controls, the full extent of criminal activity on BitMEX may never be known."

This case sets a significant precedent and paves the way for stricter enforcement of AML regulations within the cryptocurrency industry.