In the wake of a significant cyberattack that resulted in the theft of over $230 million (roughly Rs 2,000 crore) from Indian cryptocurrency exchange WazirX, a forensic analysis by Mandiant Solutions, a Google-owned cybersecurity firm, has provided some relief to the embattled platform. The report, commissioned by WazirX, concluded that there was no evidence of compromise on the laptops used by the exchange’s team to conduct transactions. Responding to WazirX’s suggestion that the breach originated on its side, Liminal Custody questioned the scope and methodology of Mandiant’s audit and said that the information WazirX had shared raises questions about the security of WazirX’s own network infrastructure and custody controls.


What Did Mandiant Find?


Mandiant’s investigation specifically scrutinised three laptops used by WazirX personnel to execute transactions. According to WazirX, Mandiant found no indication of a breach on these devices, a finding that matters because it bears on whether the attack stemmed from a compromise inside the exchange. The assessment concerns the attack in which digital assets were stolen from WazirX’s multi-sig wallet, which was managed by Liminal.


While Mandiant’s findings suggest that WazirX’s internal systems were not directly compromised, the incident has cast a spotlight on Liminal, the digital asset custody firm responsible for the affected wallet. WazirX stated that initial findings point towards vulnerabilities within Liminal’s infrastructure as a potential source of the breach.




What Did WazirX Say?


WazirX expressed its commitment to fully cooperate with ongoing investigations and reiterated its dedication to recovering the stolen assets. A spokesperson emphasised the exchange’s trust in the authorities handling the case and expressed hope for swift justice. “We have full faith in the investigating agency and shall cooperate with them to the fullest extent. We are actively working on recovering the stolen funds and are hopeful that those responsible will be brought to justice,” a spokesperson said.


Liminal's Response


Liminal asserted that its front-end and user interface were not compromised, citing its preliminary audit results, and announced that it has engaged additional independent auditors to conduct further analysis.


Here's the full statement issued by Liminal:


"We cannot comment on the statement put out by WazirX, due to the lack of any information on the scope and methodology of the audit they have conducted. Having said that, if one were to go by the information they’ve shared, this actually raises serious questions on the security of their network infrastructure, operational custody controls and overall security posture, given that they were the custodians for 5 of the 6 keys.


As far as our front-end and UI are concerned, our preliminary audit reports categorically indicate no breach in our front-end or UI. Please note that we have empanelled more than one reputed independent auditor to conduct forensic analysis, and our detailed reports are expected to arrive within this week. We are confident that the Liminal front-end and UI were not compromised, and the report and findings will be shared as soon as they are made available to us.


It is unfortunate that this is being made out into a Liminal vs WazirX social media battle while so many users continue to suffer. In the interest of absolute transparency at our end, we have empanelled more than one reputed auditor and are open to empanelling additional auditors, including the likes of Mandiant to conduct the UI audit as well."


What Went Down


The cyberattack has sparked a broader conversation about security practices within the cryptocurrency industry. Last week, WazirX announced the termination of its custody arrangement with Liminal Custody, citing concerns over the latter’s security measures following the breach. The exchange has initiated the process of migrating assets to new multi-sig wallets, aiming to enhance the security of its digital holdings.


The incident was first reported earlier this month when WazirX filed a complaint with the Delhi Special Cell. The complaint detailed the structure of the multi-sig wallet used by the exchange, which required multiple authorisations from both WazirX and Liminal for any transaction. On the day of the attack, WazirX team members encountered errors while attempting to complete transactions through Liminal’s platform. Subsequently, a significant amount of funds was illicitly transferred from the wallet to unauthorised addresses.
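The wallet structure described above, and the "5 of the 6 keys" point in Liminal’s statement, turn on how a multi-signature approval policy is defined. The following is an added illustration written for this article, not code from WazirX, Liminal or Mandiant. It models an m-of-n policy and shows why the signing threshold alone says nothing about which party must take part: unless the policy also requires at least one approval from each custodian, a party holding enough keys can reach the threshold on its own. The key distribution (five keys with one custodian, one with the other) follows the quoted statement; the threshold of 4, the custodian names and the per-custodian minimum are assumptions chosen for the example.

```python
"""Toy model of an m-of-n multi-signature approval policy.

Added example for illustration only; not the code of any party named in
the article. The threshold, custodian names and per-custodian minimum are
assumptions, not details reported about the actual wallet.
"""
from dataclasses import dataclass, field


@dataclass
class Policy:
    threshold: int                          # m: total approvals required
    custodian_of_key: dict                  # key id -> custodian holding it
    min_per_custodian: dict = field(default_factory=dict)  # custodian -> minimum approvals

    def evaluate(self, approving_keys):
        """Return (approved, reason) for a set of keys that signed a transaction."""
        keys = set(approving_keys)
        unknown = keys - self.custodian_of_key.keys()
        if unknown:
            return False, f"unknown keys: {sorted(unknown)}"
        if len(keys) < self.threshold:
            return False, f"{len(keys)} of {self.threshold} required approvals"
        # Count approvals per custodian so a single party cannot satisfy
        # the policy alone when a per-custodian minimum is configured.
        per_custodian = {}
        for k in keys:
            owner = self.custodian_of_key[k]
            per_custodian[owner] = per_custodian.get(owner, 0) + 1
        for custodian, needed in self.min_per_custodian.items():
            have = per_custodian.get(custodian, 0)
            if have < needed:
                return False, f"{custodian} supplied {have} approval(s), needs {needed}"
        return True, "approved"


# Constructed key distribution: five keys with the exchange, one with the custodian
KEYS = {f"k{i}": "ExchangeA" for i in range(1, 6)}
KEYS["k6"] = "CustodianB"


def threshold_only():
    """4-of-6 with no per-custodian rule: the exchange's own keys suffice."""
    policy = Policy(threshold=4, custodian_of_key=KEYS)
    return policy.evaluate({"k1", "k2", "k3", "k4"})


def threshold_with_custodian_minimum():
    """Same 4-of-6, but at least one CustodianB approval is mandatory."""
    policy = Policy(threshold=4, custodian_of_key=KEYS,
                    min_per_custodian={"CustodianB": 1})
    return policy.evaluate({"k1", "k2", "k3", "k4"})


def both_parties_approve():
    """Three exchange keys plus the custodian key satisfy the stricter policy."""
    policy = Policy(threshold=4, custodian_of_key=KEYS,
                    min_per_custodian={"CustodianB": 1})
    return policy.evaluate({"k1", "k2", "k3", "k6"})


if __name__ == "__main__":
    for scenario in (threshold_only, threshold_with_custodian_minimum, both_parties_approve):
        print(f"{scenario.__name__}: {scenario()}")
```

The practical takeaway for anyone reviewing a custody arrangement is to check both numbers: the threshold and the per-custodian minimum. A threshold that one party can meet with its own keys gives the other party no veto, whatever the headline "m-of-n" suggests.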


As investigations continue, WazirX has also reported the incident to the Financial Intelligence Unit (FIU) India and CERT-In, signalling its intent to pursue every avenue to recover the stolen funds and hold those responsible accountable.

