The NCDRC dismissed the WazirX case, calling the current cryptocurrency framework "nebulous."

The National Consumer Disputes Redressal Commission (NCDRC) recently rejected an investor lawsuit against WazirX, a cryptocurrency exchange serving the Indian market, underscoring the continued uncertainty surrounding cryptocurrency regulation.

The investors went to the NCDRC, claiming that WazirX had a "deficiency in service" after a cybersecurity incident in July that cost them about $233 million. They argued that the cyberattack was made possible by WazirX's inadequate security measures.

The NCDRC ruled that the consumer court lacked jurisdiction to decide the case and said that the regulatory framework for cryptocurrencies is still "nebulous." The possible security measures WazirX could have taken to prevent the breach and the financial impact on investors were not discussed in the ruling.

Specifics of the NCDRC case

More than $233 million, or about 45% of WazirX's digital asset holdings, was taken out of one of its "multisig wallets" on July 18, 2024. Multiple private keys are needed for transaction authentication in a multisig wallet before processing and confirmation can take place.

Users suffered large losses as a result of the company's quick suspension of withdrawals on its platform. Withdrawals were further postponed in September when a Singaporean court issued a four-month moratorium on any legal actions against WazirX. Since then, the exchange has claimed that the North Korean-based Lazarus Group was responsible for the attack.

Indian users complained to the NCDRC in January 2025 about WazirX's poor service and their allegation that the platform engaged in unfair trade practices by stopping

Whether cryptocurrency is a "good" under the Consumer Protection Act, 2019 (CPA) and whether the NCDRC has the jurisdiction to hear the case at all were the two main issues it looked at in this case.

India's Cryptocurrency Regulation

The Reserve Bank of India (RBI), which has previously attempted to impose strict restrictions on its use, has not recognized cryptocurrencies as legal tender, despite the fact that their possession and transactions are legal. "Entities regulated by RBI shall not deal with or provide services to any individual or business entities dealing with or settling VCs," the RBI stated in a 2018 notification outlining the different risks connected to virtual currencies (VCs). It is important to remember that the RBI targeted financial institutions, including banks, to stop them from facilitating cryptocurrency trading rather than outright banning it.

The Supreme Court reversed this notice in 2020, confirming that the RBI is indeed able to regulate VCs. According to Article 19(1)(g) of the Constitution, which protects everyone's right "to practise any profession, or to carry out any occupation, trade, or business," the Court found that the notification unnecessarily violated the rights of those running venture capital exchanges. The Supreme Court came to the conclusion that the RBI had not presented enough proof to show that VC exchanges had a negative impact on financial institutions' operations.

Despite several attempts, Parliament has not yet passed any specific laws regulating VCs and associated transactions. The government proposed "The Cryptocurrency and Regulation of Official Digital Currency Bill" in 2021 with the intention of outlawing "private" cryptocurrencies and creating a Central Bank Digital Currency and a regulatory board to supervise crypto-related issues. Nevertheless, Parliament never discussed this bill, and nothing more has been done about it since.