India Supreme Court rejects petition by hack victims seeking action against WazirX exchange

• The Supreme Court of India rejected hack victims’ petition seeking action against the WazirX exchange on Wednesday.
• The court cited India’s lack of clear crypto regulations as the reason.
• The exchange was hacked in July 2024, resulting in a loss of $230 million in crypto.

The Supreme Court of India rejected hack victims’ petition seeking action against the WazirX exchange on Wednesday. The court cited India’s lack of clear crypto regulations as the reason.

The exchange was hacked in July 2024, resulting in a loss of $230 million in crypto. To gain further insights, FXStreet interviewed Arjun Vijay, CEO of the Giottus crypto platform, based in India.

Supreme Court rejects petition, cites India’s lack of crypto regulations

India’s Supreme Court dismissed a petition on Wednesday, filed by victims of the $230 million WaziX hack in July 2024. 54 WazirX users had asked the court to investigate WazirX’s co-founder, Nischal Shetty, Binance, and custody provider Liminal.

The two-judge bench, led by Justice B.R. Gavai and Justice Augustine Masih, dismissed the petition, stating that cryptocurrency regulation is a policy matter best addressed by the government, not the judiciary. This verdict suggests the absence of regulatory clarity.

WazirX hack and legal fallout: Timeline

On July 18, 2024, Indian crypto exchange WazirX, operated by Zanmai, suffered a cyberattack that led to the loss of over $230 million in user funds after attackers compromised its Ethereum multisig wallet. Following the breach, Zettai Pte Ltd, a Singapore-based entity tied to WazirX, filed for a court-approved moratorium on August 27 to restructure its liabilities under Singapore’s insolvency laws.

Meanwhile, on September 6, the hacker laundered 7,200 ETH worth $17.3 million through Tornado Cash.

Amid the crisis, Binance responded to WazirX and Zettai’s accusations. In a blog post, Binance denied any operational control over WazirX, stating it merely provided wallet infrastructure and was not responsible for the hack. 

Binance concluded by saying, “In light of the ongoing misinformation propagated by Zettai and Mr. Shetty, it is crucial for WazirX users and the broader market to understand that Binance has never owned, controlled, or operated WazirX at any point, including during the July 2024 alleged hack. Binance bears no responsibility for the operation of the WazirX platform or the consequences of the attack.”

FXStreet interviewed Arjun Vijay, CEO of the Giottus crypto platform from India, to gain more insight. Their answers are stated below:

Q1: What are your thoughts on the Supreme Court’s decision to reject WazirX’s victim’s plea? Does this set a precedent for other Indian crypto platforms?

I think the primary issue with respect to Wazirx right now is not about the hack but how they handled it post-hack. If Singapore were the right jurisdiction for the moratorium, siphoning customer funds for other uses. I don’t think this sets any precedent. I think this will only expedite the Government to come up with clear regulations soon.

Q2: How do you assess the security lapses in the WazirX hack, and what should exchanges in India learn from this incident?

Hackers are always on the prowl, looking for weaknesses. In this ecosystem, only those who are paranoid about security survive. Exchanges should store most of their assets in insured cold custody. Other funds outside the cold wallets need to be kept segregated in multiple wallets with different keys. Every new hack should be taken as a warning, and the CISO should check if the same angle of attack can happen to their platform. In the Wazirx case, we say, Wazirx wasn’t the first or the last exchange suffering from the lapses in Safe Wallet configuration. If Bybit had switched from Safe Wallets, they wouldn't have lost those thousands of Ethereum.

Q3: Could this legal setback and the hack accelerate capital flight from Indian crypto platforms to global ones?

Not necessarily. We also saw Bybit getting hacked this year. Self-custody is the best option for users who understand and can follow the best security practices. Others should ideally use Indian platforms which have been there for multiple years without any such issues. If any unforeseen event happens with an international platform, there is no legal recourse and there is no clarity on how the liquidation or fund distribution might happen. Indian exchanges are much safer that way.

Q4: How could this impact retail confidence in Indian exchanges, and how can that trust be rebuilt?

Everytime something untoward happens, the trust breaks and it needs collective effort from the ecosystem to rebuild. We saw the ecosystem rise from the bottom after the FTX hack. This too shall pass, but it is very important to learn from our mistakes and never let mistakes of the past repeat. We also see crypto getting more mainstream and we are getting closer to Indian regulations.

Q5: What role should regulators play now—more oversight, clearer guidelines, or stricter security mandates?

Establishing a regulator who bears responsibility for the ecosystem, followed by clear regulations and licenses with clarity on the legality of the crypto assets, is the way forward. Regulator can watch the sector closely and refine the rules as required by the ecosystem.