WazirX Hack: Liminal’s Platform Not Responsible, Confirms Third-Party Forensic Report

WazirX Hack: Liminal’s Platform Not Responsible, Confirms Third-Party Forensic Report

SUMMARY

A comprehensive review of Liminal’s web application found “no evidence” that the attack, which saw 45% of user funds vanish from WazirX, originated from its infrastructure

Liminal said it can never initiate a transaction in the self-custody wallet infrastructure, stressing that all such transactions originate from clients’ end first

This comes days after WazirX blamed Liminal for the issue with its multisig wallet that led to loss of over $230 Mn in crypto assets and ended its relationship with the firm

Multiparty computation wallet infrastructure provider Liminal has yet again blamed WazirX for the $230 Mn exploit, claiming that a forensic analysis found no evidence that the cyber attack originated from its web application.

Liminal hired audit and forensics company Grant Thornton to conduct a comprehensive review of its web application including the front end, User Interface (UI), and backend of Liminal’s infrastructure.

After hackers stole $234.9 Mn in crypto assets from WazirX in July, Liminal began an in-house probe and consulted with third-party auditors to carry out a forensic investigation of its infrastructure.

Preliminary findings found a “mismatch” between data shared by Liminal and the payload received from WazirX’s systems, which hinted at a potential compromise either at WazirX’s end or within Liminal’s frontend systems, the company said.

A further investigation into the discrepancy found “no evidence of compromise or vulnerabilities related to the transaction workflow” on Liminal’s end, it added.

The findings suggest that the issue likely originated from outside Liminal’s infrastructure, the company said, pointing the finger at WazirX — yet again.

“We reiterate that the product in question for this incident is our self-custody wallet infrastructure, wherein a majority of the private keys that control and operate the wallets remain with our clients on their infrastructure. In this product, Liminal can never initiate a transaction and all transactions always originate at our client’s end first,” it said.

Queries sent to WazirX did not elicit any response by the time of publishing this story.

It is pertinent to note that WazirX’s multisig wallet that was compromised in the attack was using Liminal’s digital asset custody service.

The hacked Safe Multisig wallet required six signatories, from which five were of the WazirX and one from infrastructure and custody partner Liminal.

WazirX and Liminal have been continuously blaming each other for the hack, leaving users in the dark about the security of funds.

In a blog post on July 18 — the day of the hack — WazirX said the attack stemmed from a “discrepancy between the data displayed on Liminal’s interface and the transaction’s actual contents.”

Nearly a month after the $230 Mn crypto heist, WazirX on August 14 said it was ending its relationship with Liminal and moving its funds into new multisig wallets.

Consequently, WazirX said that a forensic probe by Mandiant, a subsidiary of Google, into the hack found that its laptops and systems were not compromised and that findings largely indicated that the cyberattack originated from Liminal.

This comes at a time when WazirX is looking for “white knights” to bail it out after it was hit by a cyberattack, allegedly by North Korean hackers.

WazirX parent Zettai has moved the Singapore High Court seeking a moratorium as part of its restructuring plans. WazirX will either sell off some assets or form strategic partnerships with investors under the scheme of arrangement.

The hacked exchange has also been facing flak in India, with CoinSwitch threatening to take legal action against the hacked crypto exchange to recover 2% of its trapped funds.

 

 

 

 

Step up your startup journey with BHASKAR! From resources to networking, BHASKAR connects Indian innovators with everything they need to succeed. Join today to access a platform built for innovation, growth, and community.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

WazirX Hack: Liminal’s Platform Not Responsible, Confirms Third-Party Forensic Report-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

WazirX Hack: Liminal’s Platform Not Responsible, Confirms Third-Party Forensic Report-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

WazirX Hack: Liminal’s Platform Not Responsible, Confirms Third-Party Forensic Report-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

WazirX Hack: Liminal’s Platform Not Responsible, Confirms Third-Party Forensic Report-Inc42 Media
WazirX Hack: Liminal’s Platform Not Responsible, Confirms Third-Party Forensic Report-Inc42 Media
You’re in Good company