Just In: Liminal Claims No Responsibility in $230M WazirX Wallet Hack

WazirX and Liminal Custody are currently engaged in a blame game following a $230m exploit of the Indian exchange WazirX, with both parties accusing the other for the breach. The hack that as a result, affected three WazirX wallets has raised concerns among customers over the safety of their investments.

Liminal Claims No Responsibility in WazirX Hack

WazirX, through a post on social media platform X (previously Twitter), blamed the incident to a mismatch between the information displayed on Liminal’s interface and the actual transaction details. WazirX addressed the issue to the police and has contacted the Indian Computer Emergency Response Team (CERT-In).

According to Nischal Shetty, WazirX’s CEO, the matter was concerning a multisig wallet that was using Liminal’s custody service.

On the other hand, Liminal Custody has come out with a detailed report to state that their infrastructure was not hacked. In a statement provided by Liminal, the hacked wallet was integrated into their platform at the request of WazirX and was set as a 4 of 6 multisig wallet with WazirX controlling three keys and Liminal controlling one.

Liminal’s investigation consequently established that the breach occurred on the devices on WazirX’s side where payloads were injected to enable the attacker to get the required signatures for unauthorized transactions.

North Korean Hackers Suspected

According to crypto security company Elliptic, the hackers behind the attack can be linked to North Korea. This incident only piles onto the list of high profile crypto hacks linked to the North Korean cyber criminals who have been involved in several such heists in the past. The hackers employed elaborate ways to infiltrate the devices of the WazirX users and obtained the transaction signatures which are required for the malicious operations.

However, Liminal elaborated in their report the specific steps on how the signatures were obtained by the attackers through the use of multiple compromised devices.

The attackers employed man-in-the-middle (MIM) attacks and other client-side breaches to manipulate signing and acquire the required signatures for the transfer of funds to the attacker’s account.

WazirX’s Response and Recovery Efforts

In response to the breach, WazirX has filed a police complaint and is collaborating with over 500 crypto exchanges to block the addresses identified in the hack. The exchange has also reported the incident to the Financial Intelligence Unit (FIU) and CERT-In.

 WazirX emphasized its commitment to recovering the stolen funds and ensuring the security of user assets through broader cooperation within the blockchain community.

As part of the recovery process, WazirX has been engaging with forensic auditors and law enforcement agencies to investigate the matter. The exchange wants to establish the circumstances that led to the incident and put mechanisms in place to ensure that such occurrences do not occur in the future.

Read Also: Hugh Hendry Says Bitcoin To Rise 3X Surpassing NVIDIA Market Cap