[Update] WazirX’s Crypto Heist: Probe Finds Attack Originated From Liminal’s Infrastructure

[Update] WazirX’s Crypto Heist: Probe Finds Attack Originated From Liminal’s Infrastructure

SUMMARY

After experiencing a security breach on July 18, the cryptocurrency exchange has launched a preliminary investigation in connection with the cyber attack

According to its preliminary findings, the attack likely originated from Liminal's infrastructure, bypassing their final verification step

The findings further revealed that the malicious transaction was not sent to any of the whitelisted destination addresses, which should have been blocked by Liminal’s firewall and whitelist policy

Update | July 27, 1:02 PM

A day after Inc42 reported that WazirX’s preliminary investigation found that the cyber attack on the cryptocurrency exchange likely originated from Liminal’s infrastructure, the latter dismissed the findings saying that the “incident originated from an external source”.

“On July 19, 2024, we were notified of a security incident affecting a self-custody multi-signature smart contract wallet used by one of our customers, WazirX. This wallet was reported to be compromised on July 18. Our initial assessment indicates that Liminal’s platform, infrastructure, wallets, and assets remain secure. We reiterate that our platform continues to operate seamlessly, processing transfers and withdrawals for all our customers,” a Liminal spokesperson said in a statement.

“To uphold highest standards of transparency, Liminal has proactively engaged independent CERT certified, third-party experts to conduct thorough forensic audits backed by published reports. As a wallet infrastructure support platform, we emphasise that this incident originated from an external source, underscoring the crucial need for comprehensive security measures across platforms,” the spokesperson added.

Original Story| July 26, 11:48 AM

Days after WazirX experienced a major security breach, resulting in withdrawals of around $234.9 Mn during the early European hours, the cryptocurrency exchange has launched a preliminary investigation in connection with the cyber attack.

Following this, the company also announced a prize of $23 Mn as a part of its bounty programme to recover the $230 Mn assets stolen during the attack.

According to its preliminary findings, the attack likely originated from Liminal’s infrastructure, bypassing their final verification step, as evidenced by the use of 3 WazirX signatures and 1 Liminal signature. 

Liminal is a digital asset management platform that helps secure and manage cryptocurrency transactions through a structured and secure process. It is specifically designed to handle high-value transactions and prevent unauthorised or malicious transfers. 

As per the company, the attack involved a contract upgrade that Liminal’s interface reportedly does not permit. 

“We have representations from Liminal that their interface does not allow initiating contract upgrade from its interface,” the company said in a statement.

However, it shared that none of its signers’ machines were compromised.

The findings further revealed that the malicious transaction was not sent to any of the whitelisted destination addresses, which should have been blocked by Liminal’s firewall and whitelist policy.

“Contrary to some reports by self-proclaimed crypto experts on social media, WazirX did not sign any malicious transactions 8 days before the attack. The attacker had created smart contracts on July 10, 2024, but these had no interaction with the WazirX wallet until July 18, 2024,” the company said in a blog post.

WazirX’s security breach impacted one of its wallets Safe Multisig on the Ethereum network, resulting in the loss of user funds.

Founded in 2017, WazirX is a bitcoin and cryptocurrency exchange where you can buy, sell, and trade digital assets, catering to both first-time investors and professional traders alike.

Based on its preliminary analysis, the company has outlined two potential scenarios that may have occurred. Scenario 1 suggests that the malicious transactions were directly received by the WazirX signers from Liminal due to a possible breach of Liminal’s infrastructure. 

Scenario 2 proposes that malware compromised all three WazirX signers’ devices. Although there is no preliminary evidence of malware, WazirX has initiated a forensic investigation. 

Given the current findings, WazirX believes Scenario 1 is more likely but awaits further forensic results before confirming. 

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

[Update] WazirX’s Crypto Heist: Probe Finds Attack Originated From Liminal’s Infrastructure-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

[Update] WazirX’s Crypto Heist: Probe Finds Attack Originated From Liminal’s Infrastructure-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

[Update] WazirX’s Crypto Heist: Probe Finds Attack Originated From Liminal’s Infrastructure-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

[Update] WazirX’s Crypto Heist: Probe Finds Attack Originated From Liminal’s Infrastructure-Inc42 Media
[Update] WazirX’s Crypto Heist: Probe Finds Attack Originated From Liminal’s Infrastructure-Inc42 Media
You’re in Good company