WazirX: India
July 18, 2024
Phishing exploit targeting Safe multisig wallet signers. Catastrophic key compromise.
FORENSIC REPORT
Time of death: July 18, 2024, approximately 2100 UTC. The specimen—WazirX, India's largest cryptocurrency exchange by volume—was found exsanguinated of $234.9 million USD equivalent across multiple token standards on the Ethereum network. Initial responders noted the victim had been operating in what appeared to be stable condition prior to the fatal incident. The Safe multisig wallet, which should have functioned as the victim's circulatory system, had been completely compromised.
Cause of death analysis reveals a textbook phishing exploit targeting the Safe multisig signers themselves. The attackers executed what we in the field call 'social engineering meets cryptography'—they didn't crack the Safe contract. They cracked the humans protecting it. One or more signers received fraudulent communications, likely impersonating internal WazirX personnel or familiar services, and approved malicious transactions. The multisig threshold, intended as a protective checkpoint, became a murder weapon once signers lost custody of their credentials. The specimen's treasury drained systematically: stETH, USDC, DAI, and other holdings flowed out like blood from a severed artery. The Safe wallet itself performed exactly as designed—it validated signatures and executed transactions. The problem wasn't the Safe. The problem was that the Safe contained human beings.
Contributing factors paint a picture of preventable negligence. There is evidence suggesting inadequate operational security protocols around signer communication channels. No hardware wallet enforcement was observed. Nor was there any monitoring for unusual transactions that would trigger emergency procedures. The victim operated in a high-velocity environment typical of exchange operations, where speed sometimes outpaces paranoia—a fatal miscalculation in cryptocurrency. The attacker's reconnaissance was meticulous; they understood the victim's operational structure well enough to impersonate it convincingly. This was not a smash-and-grab. This was a con executed by someone who'd studied their mark.
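The missing control named above, monitoring for unusual transactions, can be sketched as a policy check that holds a Safe transaction proposal for out-of-band confirmation before signers see it. This is an added example, not code from WazirX, Safe, or the original report. The rule set, allowlist, addresses and nonces are constructed assumptions; only the field names, the operation values and the ERC-20 selectors follow the Safe and ERC-20 interfaces.

```python
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1                    # Safe Enum.Operation values
ERC20_TRANSFER = bytes.fromhex("a9059cbb")   # transfer(address,uint256)
ERC20_APPROVE = bytes.fromhex("095ea7b3")    # approve(address,uint256)

@dataclass
class SafeTx:                                # subset of Safe transaction fields
    to: str
    value: int
    data: bytes
    operation: int
    nonce: int

def token_counterparty(data):
    """Address argument of an ERC-20 transfer/approve call, else None."""
    if len(data) >= 36 and data[:4] in (ERC20_TRANSFER, ERC20_APPROVE):
        return "0x" + data[16:36].hex()      # low 20 bytes of the first word
    return None

def review(tx, allowlist, expected_nonce):
    """Reasons to hold a proposal for out-of-band confirmation (assumed policy)."""
    allowed = {a.lower() for a in allowlist}
    reasons = []
    if tx.operation != CALL:
        reasons.append("non-call-operation")  # e.g. DELEGATECALL
    if tx.to.lower() not in allowed:
        reasons.append("destination-not-allowlisted")
    party = token_counterparty(tx.data)
    if party is not None and party not in allowed:
        reasons.append("token-counterparty-not-allowlisted")
    if tx.nonce != expected_nonce:
        reasons.append("unexpected-nonce")
    return reasons

# Constructed sample data: placeholder addresses, not taken from the incident.
TOKEN, COLD, UNKNOWN = ("0x" + b * 20 for b in ("11", "22", "99"))
ALLOWLIST = [TOKEN, COLD]

def transfer(to_addr, amount):
    return ERC20_TRANSFER + bytes(12) + bytes.fromhex(to_addr[2:]) + amount.to_bytes(32, "big")

ROUTINE = SafeTx(TOKEN, 0, transfer(COLD, 10**18), CALL, 7)
REDIRECT = SafeTx(TOKEN, 0, transfer(UNKNOWN, 10**18), CALL, 7)
OPAQUE = SafeTx(UNKNOWN, 0, b"", DELEGATECALL, 9)

if __name__ == "__main__":
    for name, tx in (("routine", ROUTINE), ("redirect", REDIRECT), ("opaque", OPAQUE)):
        print(name, review(tx, ALLOWLIST, expected_nonce=7) or "ok")
```

A non-empty result is a reason to pause and confirm the proposal over a channel separate from the one that delivered the signing request.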
Victim impact assessment: $234.9 million in direct losses. WazirX users' assets evaporated. The Indian crypto ecosystem recoiled. This wasn't merely a technical failure; it was a trust collapse. An exchange that had positioned itself as a gateway for India's retail crypto participation became a case study in what happens when custody meets complacency. The second-order damage—regulatory scrutiny, user exodus, reputational incineration—will exceed the direct loss by orders of magnitude.
Pathologist's note: The Safe multisig wallet is not the cadaver here. Safe is a well-engineered piece of infrastructure. What we've autopsied is organizational security theater. WazirX built a vault with excellent locks and then handed the keys to people receiving phishing emails. In 15 years of analyzing crypto deaths, I've learned that the most sophisticated security architecture is worthless if the humans operating it treat their credentials like a grocery list. This specimen died not from technical failure, but from the ancient art of social engineering—man in the middle, reimagined for the blockchain age. The Safe multisig performed flawlessly right up until it didn't.
"WazirX hemorrhaged $234.9M through a Safe multisig phishing attack on July 18, 2024. The victim's operational security failed spectacularly when signers clicked the wrong link. Another exchange learns that no amount of blockchain security matters when humans remain the weakest link."
Data from DefiLlama