Such cyberattacks expose regulatory gaps across jurisdictions and underscore the need for investor protection and the need for stricter crypto regulations
At the 2023 G20 Summit under India’s presidency, world economies pledged to create a global regulatory framework for crypto assets. While each country must establish Its regulations, international collaboration is equally important.
This need for both domestic and global regulatory frameworks is exemplified by the recent WazirX case, which underscores the urgency of addressing vulnerabilities in the crypto ecosystem. WazirX, one of India’s leading cryptocurrency exchanges, suffered a cyberattack in July 2024 by the North Korean hacker group Lazarus. This has been confirmed by a joint statement issued by the governments of the United States, Japan and South Korea and the three countries have pledged to collaborate to counter this.
In India, the attack has raised concerns about cybersecurity risks and the reliability of custodial exchanges. Custodial exchanges, where assets are held centrally pose significant risks, as evidenced by this cyber-attack. This episode has exposed broader systemic risks and has revived the conversation about a regulatory intervention into the entire crypto ecosystem in the country. Approximately 4.4 million users were affected.
The Anatomy of a Crypto Crisis WazirX’s holding company, Zettai Pte Ltd, is based in Singapore, meaning any legal recourse must go through Singapore’s regulatory channels, even though over 95 per cent of WazirX’s users were Indian investors.
In response to the crisis, WazirX introduced a Restructuring Scheme aimed at user recovery and long-term operational stability. The proposed scheme promises quicker asset recovery, profit-sharing mechanisms and operational changes. Last month, WazirX received approval from the Singapore High Court to propose its Scheme of Arrangement to creditors. Additionally, WazirX recently completed its asset rebalancing exercise, which ensures hack victims will receive 85 per cent of their portfolio value as of July 18, 2024. Following the breach, WazirX faced a significant shortfall in ERC-20 tokens, leaving it unable to fully cover user balances. Since matching individual token losses would be complex and impractical, the proposed Scheme aims to distribute available assets equitably among all creditors, based on their claim values at the time of the attack.
This standardised valuation approach ensures fairness and transparency and has been approved by the Singapore court.
The Scheme of Arrangement The Scheme of Arrangement promises to offer a legally binding path to recovery, ensuring equitable treatment of all creditors, regardless of the size of their claims or the type of cryptocurrency they hold. This approach takes an egalitarian stance, providing all users with a fair opportunity to recover their assets. The restructuring and resolution process will only proceed with the approval of a majority of creditors. To enhance recovery prospects, the Scheme includes the issuance of Recovery Tokens (RTs), which would give creditors a stake in future platform profits and assets. If the Scheme is rejected, WazirX may face liquidation, which would likely erode value, force the sale of assets at distressed prices and drag out the recovery process for years with uncertain outcomes.
The Way Forward
WazirX’s restructuring plan represents a bold approach to crisis management, prioritising immediate user recovery and laying the groundwork for a more resilient crypto ecosystem. However, the broader lesson from this case is the urgent need for a robust regulatory framework for virtual digital assets in India. As the G20 emphasised, global cooperation and regulatory consistency are key to addressing the risks in the crypto ecosystem. India must develop a comprehensive regulatory framework to better protect investors and mitigate future risks, ensuring the country’s preparedness for a rapidly evolving digital economy.
(The writer is CEO & Co-founder, The Policy Consensus Centre; views are personal)
