Key Highlights
- Delayed realization, permanent loss: WazirX took hours to confirm the hack despite the visible on-chain outflows, shrinking the recovery window.
- $3M recovered from $234.9M: Most stolen funds vanished through decentralized mixers, exposing limits of post-hack damage control.
- Learning vs accountability: Nischal Shetty frames the crisis as a personal lesson, while users wait years for uncertain recovery via tokenized claims.
In the long (and often chaotic) story of India’s crypto experiment, few moments have exposed its weaknesses as clearly as the July 18, 2024, hack of WazirX. In a matter of hours, $234.9 million (~₹2,135.21 Crore) disappeared from user wallets.
@media only screen and (min-width: 0px) and (min-height: 0px) {
div[id^=”wrapper-sevio-e0d3bc50-0aae-47cc-a8d7-f0c9a0cef941″] {
width: 320px;
height: 100px;
}
}
@media only screen and (min-width: 1650px) and (min-height: 0px) {
div[id^=”wrapper-sevio-e0d3bc50-0aae-47cc-a8d7-f0c9a0cef941″] {
width: 728px;
height: 90px;
}
}
window.sevioads = window.sevioads || [];
var sevioads_preferences = [];
sevioads_preferences[0] = {};
sevioads_preferences[0].zone = “e0d3bc50-0aae-47cc-a8d7-f0c9a0cef941”;
sevioads_preferences[0].adType = “banner”;
sevioads_preferences[0].inventoryId = “502576df-3ba9-44d6-aa0c-8d4d40954bc3”;
sevioads_preferences[0].accountId = “265767db-939a-4138-8819-ebf4e3d5d360”;
sevioads.push(sevioads_preferences);
Trading stopped. Withdrawals froze. And millions of Indians who had been told crypto was the future for their financial dreams found themselves staring at screens that offered no answers.
What added more salt to the injury? WazirX was not a small or obscure platform. It was marketed as India’s on-ramp to crypto, a trusted name that claimed scale, safety, and systems. As a result, when it fell, it did not just lose money. It lost confidence.
What followed was not clarity, but silence—court filings, technical updates, and months of uncertainty for users who could neither access their funds nor plan their futures.
@media only screen and (min-width: 0px) and (min-height: 0px) {
div[id^=”wrapper-sevio-bf4b3de1-2d49-4069-adb2-b7d50bdcc555″] {
width: 320px;
height: 100px;
}
}
@media only screen and (min-width: 1650px) and (min-height: 0px) {
div[id^=”wrapper-sevio-bf4b3de1-2d49-4069-adb2-b7d50bdcc555″] {
width: 728px;
height: 90px;
}
}
window.sevioads = window.sevioads || [];
var sevioads_preferences = [];
sevioads_preferences[0] = {};
sevioads_preferences[0].zone = “bf4b3de1-2d49-4069-adb2-b7d50bdcc555”;
sevioads_preferences[0].adType = “banner”;
sevioads_preferences[0].inventoryId = “502576df-3ba9-44d6-aa0c-8d4d40954bc3”;
sevioads_preferences[0].accountId = “265767db-939a-4138-8819-ebf4e3d5d360”;
sevioads.push(sevioads_preferences);
For more than 17 months after this disaster, WazirX’s leadership made conscious efforts to largely stay out of the public eye. But that changed on December 24, 2025, when Co-Founder and CEO Nischal Shetty appeared on a Roundtable Crypto podcast with The Street Senior Editor Mehab Qureshi, describing the conversation as open and honest.
What listeners heard, however, was not a hard look at institutional failure, but a personal reflection on resilience, learning, and moving on.
That framing matters because how a crisis is explained tells us who is expected to carry its weight.
A crisis recast as a personal lesson
Throughout the conversation, Shetty returned to one idea repeatedly: he does not believe in regret. “I don’t believe in regretting. I believe in learning and you know, moving forward,” he said, adding later that the last 15 months taught him more than the previous 10 years of his career.
There is nothing wrong with learning from failure. But it does become a problem when the failure involves other people’s hard-earned savings, and the learning appears largely personal. For users whose savings were trapped or erased, the idea that this episode was an educational experience for leadership feels cynically hollow.
The question that hangs over the interview is simple but uncomfortable: If this were indeed a lesson, who paid the tuition?
The first hours and the fog of confusion
Shetty’s account of how the WazirX hack was first detected raises serious concerns about preparedness. He describes receiving a call from his team roughly 30 minutes after suspicious activity began.
At that point, he says, no one knew what was happening.
“The call was you know, not so much of a conclusion. It was more of what was happening, you know, we did not know whether you know, it’s a hack, it’s a bug. What had happened, there was no awareness.”
This explanation sits uneasily in an industry built on real-time transparency. Blockchain transactions are public by design. According to Shetty himself, wallets were already showing tokens being moved out to a different address, and access to the wallet had been lost.
“But the wallet was showing that all of the tokens were being moved out to a, different address. And we had lost access to the wallet because of the chain that the attackers had done,” he said.
Still, the full realization came only later. “And then through the day, we realized that, you know, this is much of a massively hack.”
Those words — “through the day” — matter.
In cybercrime, especially in crypto, seconds, minutes, and hours are the difference between partial recovery and permanent loss.
The interview does not explain or even briefly address why alarms were not louder, why escalation was not faster, or why a platform of this size appeared unsure in the very moments when certainty was most needed.
The recovery that barely was
When asked about freezing stolen funds, Shetty’s answer is stark. “I think, so not a lot. About 3 million was frozen through these efforts. And the rest… majority.”
Out of $234.9 million, only roughly $3 million was recovered.
The explanation points to structural limits. Funds can only be frozen when they reach cooperative centralized exchanges. In this case, much of the money was routed through decentralized mixers.
“They have to land into the wallets of a centralized exchange, which is, also cooperative. But here what we saw was a lot of the mixing happened through decentralized products. And, there you have no control.”
On mixers like Tornado Cash, Shetty offers a careful balance. “I think it’s a double edged sword… Privacy is important… But the downside is this when there are malicious actors, they use that for mixing and all.”
His suggestion is to cut off their liquidity. “Let their liquidity really, you know, dry out. Because otherwise you’re, you’re actually helping all these mixer services that are servicing the bad actors.”
All of this may be true. But it also highlights a harsh reality: once the funds escaped those first choke points, recovery became nearly impossible. For users, the result is the same — the vast majority of the money is gone, and the window where more could have been saved is now history.
Custody, Liminal, and the problem of one-sided narratives
One of the most sensitive parts of the interview revolves around custody and the role of Liminal Custody. This is also where the line between explanation and positioning becomes thin.
Shetty is careful, almost measured, as if aware that every word could be read as a deflection. “Now that might be seen as. Are you you know, trying to shift, the responsibilities or something. That was not the intention,” he says early on.
It is an important caveat, but it also signals something else. This story, as told, comes largely from one side.
According to Shetty, WazirX had a multisig structure with whitelisting, designed to be the last line of defense. The implication is clear. The system was built responsibly. The failure, if any, happened elsewhere.
Yet even after months of investigations, he admits, “We are still waiting on information and some due process will be needed there to understand exactly what happened on the other side.”
That sentence does two things at once. It explains uncertainty, and it also places that uncertainty outside WazirX. The most striking moment comes later when Shetty says, “Liminal has completely disappeared after the incident… we are trying to figure out what exactly happened… till that doesn’t happen, I don’t want to like, you know, really, say something.” He adds, cooperation remains “a hurdle.”
From a journalistic standpoint, this is where caution is necessary. We do not know what happened inside Liminal. We do not know what their version of events is. We do not know what internal logs, controls, or failures existed on their end. What we have is one narrative, repeated consistently, but still incomplete.
It is entirely possible that Liminal failed in ways that materially contributed to the WazirX hack. It is also possible that the full picture is more complex, involving shared assumptions, shared access models, or shared blind spots. Without transparency from all parties, any clean separation of blame risks oversimplifying a deeply technical failure.
What users see, however, is simpler. They trusted WazirX, not its vendors. They did not choose the custody partner. They did not design the architecture. Responsibility, even if legally distributed, feels concentrated at the platform level.
The later move to BitGo, a more established custodian, strengthens Shetty’s argument that lessons were learned. But it also quietly reinforces a harder truth. The risk of choosing a newer custody partner was taken earlier. When that risk failed, users paid first.
That does not make WazirX reckless. It makes it human. But human decisions in financial systems have human consequences, and those consequences deserve more than procedural explanations.
Ecosystem isolation and convenient framing
Shetty’s description of the industry response paints WazirX as largely isolated. “I don’t think there’s anyone who can really truly from an India point of view, be able to support in terms of the finances because it’s just a massive hack,” he says.
There is truth here. India’s crypto industry is small, heavily taxed, and structurally weak compared to global peers. No single exchange could realistically absorb a loss of this scale. Yet this framing also subtly shifts the conversation from internal preparedness to external limitations.
Some competitors, Shetty says, offered personal support. Others, he implies, tried to gain users during WazirX’s shutdown. “Some of them took that opportunity and I think it’s a very unfortunate thing.” He says he does not endorse such behavior.
Still, the larger question remains unanswered. If the ecosystem is too weak to support failure, should platforms handling billions be operating without stronger collective safeguards? Isolation may be real, but it also reflects how fragmented the system remains.
Users were not just waiting for WazirX to recover. They were waiting for the ecosystem to prove it could protect them. That proof clearly hasn’t arrived.
Victimhood, pressure, and perspective
Shetty’s account of the personal abuse he faced is deeply unsettling. “Every day during that, first few months, I used to get emails threatening me, or my family… death threats and all sorts of threats.” At the peak, he says, there were “hundreds of thousands of threats.”
There is no debate here. Threats are unacceptable. They cross a moral line and deserve condemnation without qualification.
At the same time, there is a delicate balance between acknowledging harm and centering oneself within the story. The interview understandably focuses on the toll on Shetty as a founder and individual. But it risks creating a narrative where leadership appears primarily as a victim of circumstance.
This is not to say Shetty is playing the victim deliberately. But when the story is told largely through personal suffering and endurance, it can unintentionally minimize the quieter suffering of users. Many lost access to funds without public voice, without outrage campaigns, and without the ability to move on.
Leadership does involve carrying pressure. It also involves carrying responsibility for others’ losses, even when those losses were not caused by intent or negligence.
Comparisons, litigation, and the cost of waiting
When asked about comparisons with Bybit, Shetty firmly rejects them. He points to scale and proportion. For WazirX, the hack was 45% of assets. For Bybit, it was much smaller.
The analogy he gives is effective. Losing most of what you have is devastating.
Yet comparisons are not always about size. They are about response. Other ecosystems managed faster recoveries, clearer communication, and stronger safety nets. Shetty acknowledges this difference but attributes it largely to ecosystem capacity.
That may be accurate. But it also raises an uncomfortable possibility. If Indian users operate in an ecosystem that cannot absorb shocks, then they carry more risk by default. That risk was never clearly and definitively priced in when millions were onboarded to crypto.
The ownership dispute with Binance is discussed briefly and with visible restraint. “The ownership thing will resolve when it resolves,” Shetty says, suggesting users need not worry operationally.
From a legal standpoint, that may be correct. From a trust standpoint, it is less reassuring. Ownership disputes shape accountability. They affect who ultimately stands behind user funds. Treating them as background noise does little to restore confidence.
The Singapore restructuring: Fast on paper, slow for users
When WazirX restarted in October 2025, the restructuring in Singapore was presented as a necessary and efficient process.
Nischal Shetty explains that the jurisdiction was unavoidable. “Singapore was the, the main jurisdiction because… the funds at the time of the attack were… with the Singapore entity. So you couldn’t… choose where you want to go.”
Legally, that may be correct. Practically, it offered little comfort to users who waited over a year with frozen assets. Shetty describes the 15-month process as unusually fast. “Fifteen months is one of the fastest… with 4 million people who are creditors,” he says, while also acknowledging delays caused by a last-minute change in Singapore law.
The recovery structure itself shifts much of the risk forward. After distributing the remaining funds at restart, WazirX asked users to wait again. “Give us three more years and we’ll try our best to make as much revenue, and profits as we can,” Shetty says, introducing Recovery Tokens as claims on future earnings.
That future is uncertain by his own admission. “If we can do $235 million in the next three years… $235 million is not loose change.” The plan depends on regulatory relief, market recovery, and sustained profitability in a market still weighed down by high taxes and low volumes.
Shetty compares the restarted exchange to an infant. “Wazirx is technically… maybe 45 days old,” adding that profitability may take a year. Yet personally, he sounds optimistic. “I thought I would feel relieved, but I think I feel excited.”
For leadership, the restructuring signals progress. For users holding Recovery Tokens, it signals another long wait built on assumptions they did not choose. Fast on paper, perhaps, but the recovery is still unfinished.
Learning, accountability, and the space between
The interview ends with Shetty’s central belief. “I don’t believe in regretting. I believe in learning and you know, moving forward.”
This philosophy explains a lot. It explains the focus on resilience. It explains the forward-looking tone. It also explains why some users feel unheard.
Learning is inward. Accountability is outward.
This podcast tells us what Nischal Shetty feels, what he believes, and what he has learned. What it does not tell us, at least not yet, is the full story behind the systems that failed, the partners involved, and the decisions that amplified risk.
Until those gaps are filled, it remains possible that this is not the complete picture. It is one version of events, told calmly, confidently, and persuasively.
For users, the story is still unfinished. And for trust to return, learning alone will not be enough.
The final word: A masterclass in deflection
There is a peculiar kind of corporate arrogance currently being packaged as ‘leadership’ in the Indian crypto space. It’s the sound of a WazirX Founder, in what now reads as the rise and fall of WazirX, describing a ₹2,000 crore heist not as a systemic failure, but as a ‘profound learning experience.’
Nischal Shetty says he doesn’t believe in regret. It must be a wonderful luxury to have, especially when you aren’t the one staring at a frozen screen, watching your life savings evaporate into a North Korean mixer. WazirX claims they didn’t know what was happening for hours; this, in an industry built on real-time transparency.
Now, they offer ‘Recovery Tokens’—essentially digital IOUs. They are asking for three more years of your patience while they find their ‘resilience.’
But here is the question that stays: If this was a lesson, why did the users have to pay the tuition?
WazirX didn’t just lose tokens; they lost the one thing no algorithm can recover: Trust.
And in the world of finance, if you don’t have regret for losing that, you shouldn’t be in the business of holding it.
Think about it.
Also Read: Jane Street in the Crosshairs: From $566M India Penalty to Terra Front-Running Suit
