After a $230 million heist on WazirX, one of India’s leading crypto exchanges, concerns about a legal recourse for users to get back their funds and calls for stronger regulations in the sector have intensified.
Last week, the crypto exchange confirmed the security breach on its platform, leading to a theft of about 50 per cent of its total assets. While WazirX has called it a ‘force majeure event’ beyond its control, the company has said it is trying to locate and recover the lost funds.
However, clawing back the amount from a sophisticated cyberattack on its platform may not be an easy feat, crypto executives and those close to the development have said.
“Recovering stolen crypto is hard as a lot of them are converted to other tokens, and since crypto is dealt with internationally, it can go to any exchange in any country. The silver lining is that transactions can be tracked and in a few past cases it has been recovered too,” said Ashish Singhal, co-founder, CoinSwitch; a crypto exchange platform.
He elucidated that the recovery of funds following a cyberattack of this scale is a tedious process as the stolen quantum can remain in a wallet for many years at a stretch.
Meanwhile, in the backdrop of a lack of a regulatory environment for crypto in India, it becomes a challenge to terminate transactions that involve stolen tokens.
“Although it is trackable, you still cannot stop its usage everywhere. That becomes the real problem as there will always be a decentralised platform where these tokens can be converted from one to another, or one wallet to another,” said Edul Patel, CEO, Mudrex, a crypto platform.
Legal experts tracking the sector believe that users who have lost their funds can look at the country’s consumer protection laws as one recourse.
“In terms of consumers, there is no specific law which you can go to and refer to in this instant cyberattack. But in any case, consumer laws would be applicable if there is any negligence found on the part of WazirX, claiming that there was a deficiency in their services, further depending on the remedies sought by the customers relief under Information Technology Act, 2002 or Arbitration and Conciliation Act, 1996” said Navodaya Singh Rajpurohit, Legal Partner, Coinque Consulting and founder, Pravadati Legal.
On Sunday, WazirX announced a bounty program to track and freeze the stolen amount.
The company has promised that it will reward those assisting in recovery with a bounty pegged at 5 per cent of the recovered amount as part of the program.
The company did not respond to queries sent by Business Standard till press time.
Meanwhile, with the Union Budget around the corner, calls for better regulatory clarity for the sector have grown stronger.
“What should now come out of this is that there should be conversations around active regulations, making self-custody a real possibility for people, allowing decentralised exchanges to conduct transactions, which is one of the ways to secure a user’s money,” Patel from Mudrex said.
Home-grown cryptocurrency firms had earlier suggested that regulating the sector may necessitate the involvement of multiple agencies, given the approaching deadline to develop a unified framework, Business Standard reported this month.
Industry participants said that creating comprehensive legislation through a single regulator could be complex and time-intensive ahead of the 2025 timeline.
“This incident could potentially prompt regulatory changes in India. To date, no regulatory body has taken the initiative to regulate crypto in the country. While the Financial Intelligence Unit (FIU) exists, its primary mandate is the prevention of money laundering, not addressing cyber attacks, which may limit its jurisdiction in this matter, unless it is found in the investigation that the money has been laundered through this cyberatack,” legal expert Rajpurohit said.
First Published: Jul 21 2024 | 5:59 PM IST