WazirX Investigates $235M Hack: No Compromise Found in Signer Machines

Last Updated: July 26, 2024

Preliminary Findings: Intricacies and Accountability in the WazirX Cyber Breach

In a preliminary probe into the audacious $235 million hack on July 18, WazirX cryptocurrency exchange found no evidence of compromised signer machines within its infrastructure. The breach, they suggest, may have originated from Liminal, their multi-party computation (MPC) wallet provider, sparking a contentious blame game between the two entities.

Meticulous Forensics and Initial Insights

Following the cyber onslaught, WazirX launched an exhaustive investigation, and on July 25, they announced that no infiltrations were detected in their signer machines. Their scrutiny suggested that the intrusion may have exploited vulnerabilities in Liminal’s infrastructure.

The investigative team at WazirX delved deep into the potential points of compromise, yet their forensic analysis revealed no breaches in their system. The hack’s transactions were processed using Liminal’s infrastructure, utilizing three WazirX signatures alongside one from Liminal, indicating possible lapses in Liminal’s security protocols.

Unveiling Liminal’s Security Flaws

The preliminary report from WazirX underscored significant failures within Liminal’s security framework. The Liminal MPC wallet, designed to prevent unauthorized withdrawals to non-whitelisted addresses, failed in this instance. Furthermore, the malicious transaction entailed a contract upgrade transferring control to the attacker, which Liminal’s interface should have barred.

The report pointed to multiple pieces of evidence indicating a breach in Liminal’s system rather than WazirX’s. No new connection requests were dispatched to WazirX’s hardware wallets; the requests originated from whitelisted addresses, and all signers perceived the expected token names and destination addresses. This suggests that the information displayed by Liminal’s interface was manipulated, likely due to a systemic breach.

Liminal’s Denial and the Path Forward

Liminal, for its part, has staunchly denied any breach of its infrastructure. In its statement on July 19, Liminal asserted that its platform remains secure and suggested that the hack could have been perpetrated by compromising all three WazirX devices, a claim WazirX refutes.

Liminal maintains that their servers were not infiltrated and that all associated wallets, including WazirX’s, remain secure. The incident has magnified the security risks associated with “blind signing” of token transactions from hardware wallets, where transaction details are not displayed on the wallet’s LED screen, compelling users to rely on external devices or interfaces.
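Blind signing leaves each signer trusting whatever the interface displays. As an added example (not from WazirX, Liminal or this article), the Python below decodes the raw payload independently and lists reasons to refuse signing when it is not the plain, whitelisted transfer that was shown. It assumes an ERC-20 style `transfer(address,uint256)` call, which the article does not specify; all names, addresses and payloads are constructed.

```python
# Added example: an independent pre-signing check, run on a machine the signer
# controls. Assumes an ERC-20 style transfer; every address and payload below
# is constructed for illustration.
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # transfer(address,uint256)
WHITELIST = {"0x" + "11" * 20}                 # constructed allowed destination


def build_transfer(recipient: str, amount: int) -> bytes:
    """ABI-encode transfer(recipient, amount); used here to build sample input."""
    addr = bytes.fromhex(recipient[2:])
    return TRANSFER_SELECTOR + addr.rjust(32, b"\x00") + amount.to_bytes(32, "big")


def decode_transfer(calldata: bytes):
    """Return (recipient, amount) only if calldata is exactly one token transfer."""
    if len(calldata) != 68 or calldata[:4] != TRANSFER_SELECTOR:
        return None
    addr_word = calldata[4:36]
    if any(addr_word[:12]):  # an address occupies the low 20 bytes of its word
        return None
    return "0x" + addr_word[12:].hex(), int.from_bytes(calldata[36:], "big")


def refusal_reasons(calldata: bytes, shown_to: str, shown_amount: int) -> list:
    """Compare the raw payload with what the interface displayed to the signer."""
    decoded = decode_transfer(calldata)
    if decoded is None:
        return ["payload is not a plain token transfer: selector 0x" + calldata[:4].hex()]
    recipient, amount = decoded
    reasons = []
    if recipient != shown_to.lower():
        reasons.append("destination differs from the one displayed")
    if amount != shown_amount:
        reasons.append("amount differs from the one displayed")
    if recipient not in WHITELIST:
        reasons.append("destination is not whitelisted")
    return reasons


if __name__ == "__main__":
    dest = "0x" + "11" * 20
    matching = build_transfer(dest, 1000)
    other_call = bytes.fromhex("deadbeef") + bytes(64)  # constructed non-transfer call
    print(refusal_reasons(matching, dest, 1000))
    print(refusal_reasons(other_call, dest, 1000))
```

An empty list means the payload matches what was displayed; any other result is a reason to stop and investigate before signing.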

Broader Implications for the Crypto Community

This breach has far-reaching implications for the cryptocurrency ecosystem, particularly concerning the reliance on third-party infrastructure for securing digital assets. WazirX highlighted that other organizations, including the Central Bureau of Investigation (CBI), use Liminal for storing seized assets, raising critical concerns about the reliability of such custodians if their security can be compromised.

WazirX is committed to continuing its comprehensive forensic analysis to unearth the full scope of the cyber attack. They plan to share conclusive evidence once the investigation is complete. Meanwhile, WazirX co-founder Nischal Shetty has outlined steps to engage the community in deciding the platform’s reopening and recovery plans.

About the Author: Eunji Lim
