WazirX Blames Liminal for Wallet Compromise, Says Own Systems Are Secure

Indian crypto exchange WazirX has spent the past week investigating a hack that drained one of its multi-signature wallets of over $230 million (approximately Rs. 1,924 crore). In its latest update to the community, WazirX has claimed that, as per its internal investigation, its own signatories’ machines were not compromised in the attack. The exchange has alleged that hackers used Liminal’s infrastructure to facilitate the attack.

Updates on WazirX internal probe

WazirX updated its official blog post on July 25, claiming that Liminal’s multi-party computation (MPC) wallet failed to screen non-whitelisted addresses and prevent withdrawals. The exchange added that its internal investigation could not identify any evidence pointing to a compromise on its part.

“The attack involved the flow of transactions through the Liminal infrastructure. The malicious transaction was not sent to any of the destination addresses in the whitelist addresses, which should have been prevented by Liminal’s firewall and whitelist policies,” the WazirX blog noted.

The Mumbai-based exchange subsequently clarified that trade execution through Liminal takes place outside the exchange’s server ecosystem. The exchange also denied claims from social media that it had signed suspicious transactions eight days before the hack, which could have set the stage for the attack.

As part of the preliminary investigation, WazirX has not been able to find any malware on its systems. The exchange is now awaiting a detailed forensic analysis from Liminal.

Gadgets360 has reached out to Liminal for comment on WazirX’s allegations.

WazirX partnered with Liminal Custody to manage its wallets in January 2023. A day after the hack, Liminal published a blog post claiming that its platform had not been hacked.

“In light of the recent incident where WazirX’s Gnosis SAFE smart contract wallet was drained, it is relevant to note that Liminal’s infrastructure was not breached and all wallets on Liminal’s infrastructure, including WazirX’s other Gnosis SAFE wallets that are deployed entirely from Liminal’s platform, remain safe and secure,” the company said.

Aftermath of the WazirX wallet hack

Following the hack, WazirX has halted all trading, deposit and withdrawal services on its platform. The exchange says it is working with law enforcement agencies to get to the bottom of the attack.

To seek help from third-party hackers, the exchange also launched a bounty program. As part of this initiative, WazirX has offered $23 million (approximately Rs. 192 crore) in White Hat Bounty to the hacker for returning the stolen funds. The exchange is also offering USDT worth $10,000 (approximately Rs. 8.3 lakh) to those who can help identify and freeze the stolen funds.

Indian Web3 analysts suspect that the notorious Lazarus Group from North Korea could be responsible for facilitating this rather sophisticated attack. However, this suspicion has not yet been confirmed.

The hacker stole the funds through a total of 203 crypto assets, including Ether, Tether, Pepecoin, Gala, Polygon and Shiba Inu, the exchange confirmed to Gadgets360. WazirX is also contacting the teams that manage these cryptocurrencies, asking for help in tracing the funds.

The government, including the Ministry of Finance, has so far remained silent about the hack, which has jeopardized funds worth over $230 million (approximately Rs 1,924 crore).

Now that investigations have revealed that the hack may have been caused by a breach at Liminal, WazirX has sent a warning to the Central Bureau of Investigation (CBI). The CBI also trusts Liminal to hold on to the cryptocurrencies seized during investigations.

“The malicious transaction that was signed upgraded the contract to transfer control to the attacker. We have statements from Liminal that their interface does not allow for initiating a contract upgrade from their interface,” WazirX said. “It is pertinent to mention here that the CBI has entrusted Liminal with the secure non-custodial storage of digital assets seized during investigations, which could also be based on such statements from Liminal.”
