WazirX — India CEX / 2024-07 Liminal hack ~$235M loss overview

Wiki route

This entry sits under exchanges index. Read it against CoinDCX for the closest India peer / contrast context, Bybit Lazarus hack for parallel North Korean attribution pattern, and International comparison of crypto-asset exchange bankruptcy proceedings for the restructuring / scheme-of-arrangement framework.

Established 2018-03 · former largest in India INR spot · acquired by Binance 2019-11 → 2023 dissociation public dispute · 2024-07-18 Liminal hot wallet hack ~$235M (the largest crypto-asset outflow in India’s history) · restructuring underway via a Singapore Scheme of Arrangement

1. Entity / shareholders

Trade name: Zanmai Labs Private Limited (India operating company)
Parent: Zettai Pte. Ltd. (Singapore entity, group holding company)
Established: 2018-03 (Mumbai, India)
Founders: Nischal Shetty (CEO), Sameer Mhatre (CTO), Siddharth Menon (COO)
Shareholder composition:
- Binance: announced acquisition of WazirX 2019-11 — but a public dispute between the two companies over the scope of the acquisition (Binance: “acquired only the IP / app / trademarks, did not acquire the operating entity”)
- Tiger Global, etc.: early investors
- Nischal Shetty / co-founders: continued shareholding
Peculiarity of the Binance relationship: in 2023 年, Binance clarified on its official blog that “Zanmai Labs operates WazirX independently of Binance” → understood in the industry as a de facto dissociation
Since the 2024-07 Liminal hack, the shareholder structure has become a target of reorganization under the restructuring process

2. Registration / licensing status (India framework)

FIU-IND PMLA reporting entity: registered (in 2024 年)
2024-03 FIU-IND Show Cause Notice: WazirX was included among the 9 offshore CEXs serving India residents (Binance, Kucoin, OKX, MEXC, etc.) and underwent PMLA compliance review
1% TDS / 30% capital gains: complies with tax obligations as does CoinDCX
Singapore side: as Zettai Pte. Ltd., filed for a Moratorium with the Singapore High Court (2024-08) → Scheme of Arrangement process underway

3. Supported assets

INR spot market (one of the 1 largest in the India market before the 2024-07 hack)
Number of supported listings: 250+ (at pre-hack peak)
USDT market co-located
After the 2024-07 hack: a continued state of withdrawal suspension → partial resumption → trading restrictions on various pairs

4. Scope of business

Spot trading (INR / USDT pairs)
P2P trading (for India-domestic users)
staking: limited
Fiat deposits: via India-domestic bank accounts (IMPS / UPI / NEFT, restricted depending on banks’ stance)
Since the 2024-07 hack: phased suspension / partial resumption of trading and deposit/withdrawal functions; normal operation impossible until restructuring is complete

India spot market share: before the 2024-07 hack, one corner of the duopoly alongside CoinDCX (at times regarded as India market #1 )
Since the 2024-07 hack: effectively ceded the market #1 position to CoinDCX
User count: over 1,500 万 (pre-hack disclosure basis)
24h volume: $50–200M before the hack; sharply contracted after the hack

6. History / major events

Period	Item
2018-03	WazirX established (Mumbai, co-founded by Nischal Shetty)
2019-11	Binance announces acquisition of WazirX (the scope of acquisition later became contested)
2020-03	India Supreme Court rules RBI circular unconstitutional; industry revitalized
2021–2022	Rapid growth as the largest player in the India market; user count over 1,000 万
2022-07	India 1% TDS / 30% capital gains taxation enforced; trading volume contracts
2022-08	Enforcement Directorate (ED) $8M related account-freeze case
2023	Binance / WazirX public dispute — Binance blog explicitly denies the operating-entity relationship
2024-03	Received FIU-IND Show Cause Notice; PMLA compliance review
2024-03	FIU-IND PMLA reporting entity registration completed
2024-07-18	A hot-wallet attack via a Liminal custody multi-sig wallet drains approx. $235M-equivalent of crypto assets. The largest in India’s history, a global top-5 -tier outflow case
2024-07–08	Withdrawal suspension; announcement of a debt-restructuring policy under a socialized-loss model
2024-08	Zettai Pte. Ltd. files for a Moratorium with the Singapore High Court
2024-10	Scheme of Arrangement proposed; creditor-voting process begins
2025	Scheme of Arrangement approval / objection process continues; partial distribution begins
2026	Restructuring continues; full recovery of normal operation not yet complete

7. Strategic developments

Dispute over the cause of the Liminal hack: WazirX argues it was a problem with the multi-sig wallet of Liminal Custody (crypto custody / forensics vendor layer). Liminal argues it was a key-management problem on WazirX’s side. The two companies’ official statements conflict, and responsibility has not been fully established
North Korean Lazarus group involvement theory: on-chain forensics (Chainalysis / Elliptic / TRM Labs) of the drained funds suggested Lazarus involvement. The same attack pattern as Bybit hack
socialized-loss proposal: a restructuring plan apportioning the drained funds across all customers → strong pushback from customers; multiple lawsuits filed
Scheme of Arrangement: a debt-restructuring framework under Singapore company law. The consistency between India-domestic creditors and the offshore structure is a point of contention
Binance relationship: whether Binance bears legal / economic responsibility after dissociation is a point of litigation
Regulatory response: the burden of parallel handling across multiple authorities — FIU-IND / Singapore MAS / India ED

8. Position within the industry

WazirX, as a symbolic case of one of the largest security incidents in India’s crypto industry + a cross-border restructuring, became a reference case for global CEX resilience. As a large-scale hack preceding Bybit Lazarus hack (2025-02, $1.5B), it became an occasion to re-evaluate best practices for custody providers’ multi-sig implementation / key management / attack detection.

In the context of International comparison of crypto-asset exchange bankruptcy proceedings, unlike the FTX-bankruptcy type (fraud + co-mingling), it is a bankruptcy pattern close to the Coincheck / DMM Bitcoin type of hack-caused + cross-border restructuring. However, in mediating through a Singapore entity, it is not a purely domestic case but a typical example of Asian cross-border restructuring.

cex-coindcx-india — India’s largest player #1 (destination of the market-position transfer, most important cross-link)
bybit-lazarus-hack-detailed-analysis — Lazarus attack-pattern comparison
dmm-bitcoin-lazarus-hack-detailed-analysis — Same Lazarus attack-pattern comparison
coincheck-nem-hack-detailed-analysis — Comparison with a same-scale Japan hack case
global-crypto-exchange-bankruptcy-comparison — Global CEX bankruptcy comparison
global-crypto-forensics-vendor-layer — Liminal / Chainalysis / Elliptic layer
global-cex-top10-comparison — Global CEX top 10
INDEX — Exchange domain index

Sources

Compilation of public information (WazirX official IR / About / Hack response, wazirx.com)
Compilation of public information (Binance 2019-11 WazirX acquisition announcement / 2023 dissociation official statement, binance.com Blog)
Compilation of public information (FIU-IND 2024-03 Show Cause Notice public information)
Compilation of public information (Liminal Custody 2024-07 multi-sig wallet incident official statement)
Compilation of public information (Zettai Pte. Ltd. Singapore High Court Moratorium / Scheme of Arrangement public materials)
Compilation of public information (WazirX restructuring proposal 2024-10 / 2025 reporting, Reuters / CoinDesk / The Block)
Compilation of public information (North Korean Lazarus-related onchain forensics analysis, Chainalysis / Elliptic / TRM Labs public reports)
Compilation of public information (India Enforcement Directorate WazirX-related account freeze 2022-08 reporting)