Indian cryptocurrency exchange WazirX announced on Saturday a controversial plan to "socialize" the $230 million loss from its recent security breach among all its customers, a move that has sent shock waves through the local crypto community.

The Mumbai-based firm, which suspended all trading activities on its platform last week following the cyberattack that compromised nearly half of its reserves in India's largest crypto heist, has outlined a strategy to resume operations within a week or so while implementing a "fair and transparent socialized loss strategy" to distribute the impact "equitably" among its user base.

WazirX will "rebalance" customer portfolios on its platform, returning only 55% of their holdings while locking the remaining 45% in USDT-equivalent tokens. This will also impact customers whose tokens were not directly affected by the breach, with the company stating that "users with 100% of their tokens in the 'not stolen' category will receive 55% of those tokens back."

The security breach resulted in the theft of over 200 different cryptocurrencies, with the bulk of the losses concentrated in several popular tokens, including Shiba Inu (SHIB), Ethereum, Polygon's MATIC, and the meme cryptocurrency Pepe, according to blockchain data analysis provided by third-party explorer Lookonchain.

The cyberattack, which occurred on July 18, exploited a discrepancy between the data displayed on multisignature wallet provider Liminal's interface and the actual contents of transactions, according to WazirX.

WazirX is offering users two options moving forward. Option A allows customers to trade and hold their crypto assets with priority for recovery efforts but restricts withdrawals. Option B permits trading and withdrawals but places users at a lower priority for recovery. Users can switch between these options, albeit with certain conditions.

"Option B lets you trade and withdraw your assets, but recovery efforts will focus on those who chose Option A first. You can switch to Option A anytime before you make any trades or withdrawals," WazirX added.

On a one-way call addressed to the community Friday evening, WazirX founder Nischal Shetty confirmed that the firm didn't insure customer's funds because such options weren't viable, he said. A recovery effort may or may not work and could take years, he cautioned.

"WazirX is actually exercising control over crypto assets that it holds for users. This means that it is not just acting as an interchange and a depositary, but actually reaching into user wallets and taking out crypto and giving it to others. It can't claim to be an exchange only," said Nikhil Pahwa, a leading policy voice and editor of MediaNama.

Many WazirX customers also asked the firm Saturday why it is not tapping its own profit reserves to make customers whole or at least lessen the damage.

This article originally appeared on TechCrunch at https://techcrunch.com/2024/07/27/wazirx-to-socialize-230-million-security-breach-loss-among-customers/