WazirX said it is in the process of migrating its remaining assets held with Liminal to new multisig wallets
The crypto exchange claimed that while its systems remain uncompromised, the same cannot be said for the custodian's interface
Hackers decamped with crypto assets worth $230 Mn from WazirX’s multisig wallet last month, leading to the loss of 45% of its customer funds
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
Hit by a $230 Mn heist last month, crypto exchange WazirX is terminating its arrangement with wallet infrastructure provider Liminal.
In a post on X on Wednesday (August 14), the exchange said it is in the process of migrating its remaining assets held with Liminal to new multisig wallets. WazirX attributed the move to the need to ensure maximum security of its crypto assets in “light of recent events”, hinting at the crypto hack.
“This step (migrating assets) is essential to ensure maximum security of the assets in light of recent events. While we believe our interface and systems remain uncompromised, the same cannot be said for the custodian’s interface post the July 18th incident, prompting this precaution,” said WazirX.
The homegrown crypto exchange also said that it is exercising “extreme caution” in how and when to transfer these assets due to the “complexity” of the entire process. Assuaging users of the safety of the move, the company refused to provide any exact timeline for the migration of the crypto assets.
Meanwhile, in a statement, a Liminal spokesperson said, “As clarified in our previous statements as well, the client in question is using our self-custody wallet infrastructure software. They have complete access to all the wallets and funds at all times and are the sole initiators of all transactions. They also get recovery kits and backup kits to gain complete access to their wallets in the event that Liminal were to not exist for any reason. This is a standard and default feature of all self-custodial wallet infrastructure products”.
The wallet infrastructure provider added, “The client could have removed the funds immediately post the incident. They’ve always had the ability to exercise full control of wallets, regardless of Liminal or the Liminal key. We have supported and will continue to support the client in moving their wallets and assets as requested”.
It is pertinent to note that this is not the first time that the Indian crypto exchange has sparred publicly with the wallet infrastructure provider. Right after the heist, WazirX claimed that the attack likely originated from Liminal’s infrastructure as the hackers bypassed the latter’s final verification step.
However, the digital asset management platform denied the allegations and claimed that the “incident originated from an external source”.
“… Our initial assessment indicates that Liminal’s platform, infrastructure, wallets, and assets remain secure… As a wallet infrastructure support platform, we emphasise that this incident originated from an external source, underscoring the crucial need for comprehensive security measures across platforms,” Liminal said at the time.
The latest development comes nearly a month after hackers decamped with crypto assets worth $230 Mn from WazirX’s multisig wallet on July 18. The cyberattack led to the loss of 45% of the crypto exchange’s customer funds.
Quickly afterwards, the company announced a bounty programme and offered a prize of $23 Mn to help recover the stolen funds. It also called on blockchain forensics experts and cybersecurity professionals worldwide to help regain access to the stolen assets.
Later on, US’ Federal Bureau of Investigation (FBI) reportedly joined the probe and attributed the hack to unnamed North Korean hackers. Last month, cybersecurity firm CYFIRMA claimed that North Korea-backed hacker group Lazarus was behind the security breach.
Additionally, the crypto exchange had also sought public feedback from its users to make customers absorb 45% of the losses. After a public outlash, it “decided to go slow” on its 55-45 approach and later shelved the plan.
Last week, a first information report (FIR) was also filed by a special cell of the Delhi Police in connection with the $230 Mn cyberattack. Meanwhile, just days ago, a plea was filed before the National Company Law Tribunal (NCLT) against WazirX and others for an investigation into the high-profile crypto heist.
Note: August 17, 11:10 PM, This story has been updated to include Liminal’s comment.
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.