WazirX hack: audit clears Liminal Custody of involvement in $230 million breach

Sep 9, 2024
  • Grant Thornton audit finds no vulnerabilities in Liminal Custody’s infrastructure.
  • Previously, WazirX’s separate forensic analysis revealed the exchange's system was not breached.
  • Ongoing efforts to recover stolen funds remain unsuccessful.


Cryptocurrency custody provider Liminal Custody claims an independent audit has concluded that the $230 million hack on WazirX did not originate as a result of vulnerabilities in its infrastructure.


According to a September 9 blog post from Liminal, an audit by Grant Thornton confirmed that Liminal Custody’s infrastructure was not involved in the $230 million hack of WazirX. The findings have reportedly revealed that the breach occurred outside Liminal’s infrastructure.

Liminal’s systems not breached by WazirX hackers


Attackers behind the WazirX breach siphoned off more than $230 million in various cryptocurrencies from the crypto exchange, compelling it to suspend all operations.

In its first post-mortem report, WazirX pointed to discrepancies between Liminal’s interface and transaction data as a potential source of the breach.

However, the Grant Thornton audit found no evidence of any compromise within Liminal’s systems. 

Liminal Custody stated that its “frontend and backend infrastructure is secure,” with no signs of vulnerabilities that could affect the transaction workflow. 

The custodian suggested that discrepancies between the data payloads generated by its system and those received from the client could be due to vulnerabilities in the client’s infrastructure or the custodian’s frontend systems.

Liminal is still awaiting a complete “end-to-end review” from its auditors, the blog added.

Further, the company emphasized that its multi-signature wallet model ensures client keys remain with the customers, and all transactions “originate at our client’s end first,” making it impossible for Liminal to initiate transactions independently.

Contrasting the recent findings, WazirX’s independent forensic analysis conducted by Mandiant Solutions, a subsidiary of Google, found no evidence of a compromise on the three laptops used by the exchange for signing transactions.

This leaves unanswered questions about the true origin of the breach.

WazirX hack recovery efforts in vain


The July 18 hack of WazirX stands out as one of the year’s major security breaches in the crypto sector.

In the attack, over 15,000 Ethereum and several other tokens were stolen from a multi-signature wallet, impacting 45% of customer funds, and leaving WazirX struggling to maintain a 1:1 collateral ratio, putting the platform’s stability at risk.

Efforts to recover the assets have included filing a First Information Report (FIR) with the Delhi police on August 6 and launching a bounty program, but these attempts have been to no avail.

Meanwhile, the attackers have started converting and laundering stolen funds through Tornado Cash, a cryptocurrency mixer.

On Sep. 9, data from Arkham revealed a transfer of over 5,000 ETH, valued at around $11 million, to a new address.

Shortly after, five transactions moved an additional $1.2 million in tokens through Tornado Cash.

At the time of writing, at least 7,200 ETH worth roughly $16.78 million had been laundered, with the perpetrators still holding $107 million worth of various tokens in their primary wallet.

In the meantime, WazirX is pursuing a Singapore Scheme of Arrangement, a restructuring process under the country’s insolvency laws and regulations that provides a company in financial distress with a way to restructure its debts under the supervision of the Singapore High Court.