A comprehensive review of Liminal’s web application found “no evidence” that the attack, which saw 45% of user funds vanish from WazirX, originated from its infrastructure.
Liminal said it can never initiate a transaction in the self-custody wallet infrastructure, stressing that all such transactions originate at the client’s end first.
This comes days after WazirX blamed Liminal for the issue with its multisig wallet that led to the loss of over $230 Mn in crypto assets, and ended its relationship with the firm.
Multiparty computation wallet infrastructure provider Liminal has yet again blamed WazirX for the $230 Mn exploit, claiming that a forensic analysis found no evidence that the cyber attack originated from its web application.
Liminal hired audit and forensics company Grant Thornton to conduct a comprehensive review of its web application including the front end, User Interface (UI), and backend of Liminal’s infrastructure.
After hackers stole $234.9 Mn in crypto assets from WazirX in July, Liminal began an in-house probe and consulted with third-party auditors to carry out a forensic investigation of its infrastructure.
Preliminary findings showed a “mismatch” between data shared by Liminal and the payload received from WazirX’s systems, which hinted at a potential compromise either at WazirX’s end or within Liminal’s frontend systems, the company said.
A further investigation into the discrepancy found “no evidence of compromise or vulnerabilities related to the transaction workflow” on Liminal’s end, it added.
The findings suggest that the issue likely originated from outside Liminal’s infrastructure, the company said, pointing the finger at WazirX — yet again.
“We reiterate that the product in question for this incident is our self-custody wallet infrastructure, wherein a majority of the private keys that control and operate the wallets remain with our clients on their infrastructure. In this product, Liminal can never initiate a transaction and all transactions always originate at our client’s end first,” it said.
Queries sent to WazirX did not elicit any response by the time of publishing this story.
The WazirX multisig wallet that was compromised in the attack was using Liminal’s digital asset custody service.
The hacked Safe Multisig wallet required six signatories, of whom five were from WazirX and one was from infrastructure and custody partner Liminal.
WazirX and Liminal have been continuously blaming each other for the hack, leaving users in the dark about the security of funds.
In a blog post on July 18 — the day of the hack — WazirX said the attack stemmed from a “discrepancy between the data displayed on Liminal’s interface and the transaction’s actual contents.”
Nearly a month after the $230 Mn crypto heist, WazirX on August 14 said it was ending its relationship with Liminal and moving its funds into new multisig wallets.
Consequently, WazirX said that a forensic probe by Mandiant, a subsidiary of Google, into the hack found that its laptops and systems were not compromised and that findings largely indicated that the cyberattack originated from Liminal.
This comes at a time when WazirX is looking for “white knights” to bail it out after it was hit by a cyberattack, allegedly by North Korean hackers.
WazirX parent Zettai has moved the Singapore High Court seeking a moratorium as part of its restructuring plans. WazirX will either sell off some assets or form strategic partnerships with investors under the scheme of arrangement.
The hacked exchange has also been facing flak in India, with CoinSwitch threatening to take legal action against it to recover 2% of its trapped funds.