When two crypto exchanges decide to merge liquidity, they build a bridge between two fortresses—but what if that bridge becomes a Trojan horse?
🔥 July 18, 2024, at 19:47 UTC, the multi-sig wallet of Indian exchange WazirX on the Ethereum network began draining at a rate of $4 million per minute. Hackers, allegedly linked to the North Korean group Lazarus Group, methodically siphoned tokens: SHIB, ETH, MATIC, PEPE. Within an hour, the wallet’s balance hit zero—$230 million vanished into the digital void. But the catastrophe didn’t begin that day. It was programmed five years earlier, when WazirX made a decision that seemed brilliant: integrating its system with global giant Binance via a shared liquidity mechanism.
⚡ The architecture was elegant in its simplicity: Indian users gained access to Binance’s deep liquidity, while Binance tapped into India’s growing market. But this linkage created a single point of failure. The multi-sig wallet required 5 signatures from WazirX and 1 from Liminal Custody—the provider managing the storage infrastructure. When hackers compromised the system, they exploited not a technical bug but an architectural decision: trust between two systems became an attack vector. 340,000 users woke up on the morning of July 19 to find their funds frozen, trading halted, and India’s largest crypto platform teetering on the brink of bankruptcy.
💰 In 2019, India’s crypto market was under siege. The Reserve Bank of India had imposed a de facto ban on banking operations with cryptocurrencies, trading volumes plummeted by 90%, and local exchanges gasped for liquidity. WazirX, founded by Nischal Shetty in 2018, was desperate for survival. The solution came in a deal with Binance: in November 2019, Changpeng Zhao announced the acquisition of WazirX—though legally, the deal was never fully completed. The cornerstone of the partnership was liquidity integration—WazirX gained access to Binance’s trading pairs and order book depth, while sharing fees and its user base in return.
🔗 The technical implementation required a hybrid storage infrastructure. WazirX couldn’t keep all assets in its own cold wallets—that would’ve contradicted the logic of shared liquidity. Instead, they opted for a multi-sig wallet model with distributed control: 5 keys held by the WazirX team, 1 key by Liminal Custody, a specialized institutional custody provider. This setup was considered the gold standard of security: withdrawing funds required majority approval, theoretically eliminating unilateral control. But the architecture had a hidden vulnerability—it assumed all multi-sig participants acted independently and were protected from compromise.
🌐 The Binance integration turned WazirX into India’s largest platform. By 2021, the exchange processed $43 billion in annual trading volume, with its user base swelling to 16 million. Shared liquidity worked like an amplifier: Indian traders accessed hundreds of trading pairs, spreads tightened, slippage minimized. But this efficiency came at a cost—WazirX grew increasingly dependent on its partner’s infrastructure, and the boundary between the two systems blurred.
📊 Regulatory pressure in India intensified. In 2022, the government imposed a 30% tax on crypto profits and a 1% TDS on every transaction, crushing trading volumes by 95%. WazirX faced investigations by the Enforcement Directorate, which froze $8 million in the exchange’s bank accounts, accusing it of violating foreign exchange laws. Under these conditions, the architectural link to Binance seemed like a lifeline—it preserved liquidity even as local volumes collapsed. But this very dependency made WazirX vulnerable.
🕵️ The hackers had studied the architecture for months. Lazarus Group, infamous for stealing $625 million from the Ronin Bridge in 2022 and $100 million from Horizon Bridge, specialized in attacks on crypto infrastructure. Their method wasn’t brute force—it was social engineering and exploiting trust between systems. In WazirX’s case, the target wasn’t the multi-sig wallet itself but the interaction process between signatories. The attackers compromised the communication channel between WazirX and Liminal Custody, swapping legitimate transactions for malicious ones. When signatories approved what seemed like routine operations, they were actually authorizing withdrawals to hacker-controlled addresses.
⚠️ On July 18, 2024, the security system detected no anomalies—the transactions appeared legitimate, all required signatures were in place. Only when the wallet’s balance began plummeting did the WazirX team grasp the scale of the disaster. But it was too late: $102 million in SHIB, $52 million in ETH, $11 million in MATIC, $7.6 million in PEPE, and dozens of other tokens were already moving through mixers and decentralized exchanges. The hackers operated with surgical precision, splitting large sums into thousands of small transactions to evade tracking.
🔒 WazirX immediately suspended all trading and withdrawals. 340,000 users found themselves locked out—their assets on the exchange reduced to numbers on a screen, inaccessible. The exchange’s team reached out to law enforcement in India, Singapore, and the U.S., but crypto transactions are irreversible—the stolen funds had already dissolved into the blockchain. Binance publicly distanced itself from the incident, stating it neither owned nor controlled WazirX, and that the 2019 deal was never legally finalized. This statement shocked India’s crypto community—it turned out the architectural integration existed, but legal responsibility remained murky.
💔 In August 2024, holding company Zettai Pte Ltd, which owned WazirX, filed for a moratorium on debt restructuring in the Singapore High Court. The exchange proposed a "loss socialization" strategy—distributing losses proportionally among all users. This meant every WazirX client would lose roughly 45% of their funds, regardless of whether their assets were in the compromised wallet. The decision sparked outrage: users who kept funds on the exchange at the time of the hack were effectively subsidizing the losses of those who had withdrawn earlier.
⚖️ The legal battle exposed a fundamental problem in the crypto industry—the lack of clear user protection mechanisms for centralized platform bankruptcies. In traditional finance, deposit insurance systems exist, but crypto exchanges operate in a legal vacuum. WazirX argued that loss socialization was the only way to avoid total liquidation and preserve some chance of future fund recovery. Critics countered that the exchange was shifting responsibility for its own architectural missteps onto its clients.
📉 India’s crypto market took a hit from which it still hasn’t recovered. Trust in centralized exchanges collapsed, and users mass-migrated to self-custody in cold wallets. Trading volumes on Indian platforms dropped by 60% in the month following the hack. Regulators seized on the incident as ammunition for stricter controls—the Reserve Bank of India revived discussions of a total crypto ban, citing risks to financial stability.
📌 Today, in May 2026, WazirX is still in restructuring. Some users have received 30% of their frozen funds in the form of tokenized debt obligations, trading at a 70% discount on secondary markets. Binance has severed all ties with the Indian exchange, scrubbing mentions of the partnership from official documents. In March 2026, the Indian government passed a crypto exchange licensing law requiring 100% of user funds to be held in cold wallets under regulator control—a direct response to the WazirX catastrophe.
🛡️ The global crypto industry learned its lesson. New security standards, developed by the Crypto Security Alliance, ban shared liquidity without full legal separation of assets. Institutional custody providers like Fireblocks and Copper have implemented multi-factor transaction verification systems using biometrics and hardware tokens. But the fundamental paradox remains unresolved: centralized exchanges, promising convenience and liquidity, inevitably create risk concentration points in a system originally designed to be decentralized.
🌍 The WazirX story isn’t just about one hack. It’s about how architectural decisions made in moments of crisis can shape the fate of entire ecosystems. The Binance integration saved the Indian exchange in 2019, but it planted a time bomb that detonated five years later. Today, a new generation of decentralized exchanges—dYdX, GMX, Vertex Protocol—is building an alternative architecture where users retain control of private keys even while trading. But the path to true decentralization is long, and the allure of centralized efficiency remains strong. $230 million and 340,000 frozen accounts—the price of a lesson the crypto industry is still learning.