WazirX Signers' Machine Not Compromised In $235-Million Breach, Findings Report Claims Liminal’s Infrastructure Was Likely Vulnerable

WazirX has come out with a report on initial findings in the aftermath of the July 18 cyberattack. The report indicates no compromise of the cryptocurrency exchange's machines, according to a recent report from WazirX. The breach, resulting in a $235 million loss, appears to be linked to vulnerabilities in the multi-party computation (MPC) wallet provider Liminal's infrastructure.

WazirX's report, dated July 25, states, "Our preliminary findings have not found any evidence that WazirX signers’ machines were compromised.” The exchange's team is continuing a detailed forensic analysis and plans to disclose complete findings once the investigation is concluded. "The malicious transaction was not sent to any of the destination addresses in the whitelisted addresses, which should have been prevented by Liminal’s firewall and whitelist policy," the report also noted.

ALSO READ: Want To Earn $23 Million? Help WazirX Recover The $230 Million It Lost As Part Of Its Bounty Programme

How Did The Breach Take Place?

The attack involved transactions passing through Liminal’s infrastructure, utilising three WazirX signatures and one from Liminal. This suggests the failure originated within Liminal’s MPC wallet, which was supposed to prevent unauthorised withdrawals to non-whitelisted addresses.

Instead, the attacker managed to upgrade the multisig wallet contract, transferring control to themselves—an action that should not have been possible through Liminal's interface.

Liminal Likely Compromised

Liminal, in a report on July 19, asserted that its servers remained secure and suggested that the exploit could have been due to a breach of all three WazirX devices. Despite this claim, WazirX’s report highlights evidence indicating otherwise, including the lack of new connection requests to their hardware wallets and the whitelisted origin of the malicious transaction.

The investigation posits that Liminal’s infrastructure was likely compromised. Critical evidence includes the consistency of expected token names and destination addresses seen by WazirX signers and the receipt of expected email notifications, pointing towards a breach on Liminal's end.

ALSO READ: From Consumers To Blockchain Developers: Various Stakeholders In Crypto Ecosystem And The Roles They Play

This incident underscores a broader security concern within the crypto community regarding "blind signing," where users approve transactions without being able to verify the destination address directly on their hardware wallets. This practice relies on the custody provider’s interface to convey accurate information, which becomes a vulnerability if the provider's infrastructure is compromised.

WazirX’s report suggests that if the Central Bureau of Investigation (CBI) had known about the potential for such an upgrade through Liminal’s interface, it might have reconsidered using Liminal’s services. This incident emphasises the need for enhanced scrutiny and security measures within cryptocurrency custodial services.

While awaiting conclusive forensic results, WazirX continues to explore the full extent of the breach and its implications for the crypto industry.

Disclaimer: Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Cryptocurrency is not a legal tender and is subject to market risks. Readers are advised to seek expert advice and read offer document(s) along with related important literature on the subject carefully before making any kind of investment whatsoever. Cryptocurrency market predictions are speculative and any investment made shall be at the sole cost and risk of the readers.