WazirX Investigates $235M Hack: No Compromise Found in Signer Machines
Preliminary Findings: Intricacies and Accountability in the WazirX Cyber Breach
In a preliminary probe into the audacious $235 million hack on July 18, WazirX cryptocurrency exchange found no evidence of compromised signer machines within its infrastructure. The breach, they suggest, may have originated from Liminal, their multi-party computation (MPC) wallet provider, sparking a contentious blame game between the two entities.
Meticulous Forensics and Initial Insights
Following the cyber onslaught, WazirX launched an exhaustive investigation, and on July 25, they announced that no infiltrations were detected in their signer machines. Their scrutiny suggested that the intrusion may have exploited vulnerabilities in Liminal’s infrastructure.
The investigative team at WazirX delved deep into the potential points of compromise, yet their forensic analysis revealed no breaches in their system. The hack’s transactions were processed using Liminal’s infrastructure, utilizing three WazirX signatures alongside one from Liminal, indicating possible lapses in Liminal’s security protocols.
Read more:Â WazirX Hacked for $230 Million, North Korea Suspected
Unveiling Liminal’s Security Flaws
The preliminary report from WazirX underscored significant failures within Liminal’s security framework. The Liminal MPC wallet, designed to prevent unauthorized withdrawals to non-whitelisted addresses, failed in this instance. Furthermore, the malicious transaction entailed a contract upgrade transferring control to the attacker, which Liminal’s interface should have barred.
The report pointed to multiple pieces of evidence indicating a breach in Liminal’s system rather than WazirX’s. No new connection requests were dispatched to WazirX’s hardware wallets; the requests originated from whitelisted addresses, and all signers perceived the expected token names and destination addresses. This suggests that the information displayed by Liminal’s interface was manipulated, likely due to a systemic breach.
Liminal’s Denial and the Path Forward
Contrarily, Liminal has staunchly denied any breach of its infrastructure. In their statement on July 19, Liminal asserted that their platform remains secure, suggesting that the hack could have been perpetrated by compromising all three WazirX devices—a claim WazirX refutes.
Liminal maintains that their servers were not infiltrated and that all associated wallets, including WazirX’s, remain secure. The incident has magnified the security risks associated with “blind signing” of token transactions from hardware wallets, where transaction details are not displayed on the wallet’s LED screen, compelling users to rely on external devices or interfaces.
Broader Implications for the Crypto Community
This breach has far-reaching implications for the cryptocurrency ecosystem, particularly concerning the reliance on third-party infrastructure for securing digital assets. WazirX highlighted that other organizations, including the Central Bureau of Investigation (CBI), use Liminal for storing seized assets, raising critical concerns about the reliability of such custodians if their security can be compromised.
WazirX is committed to continuing its comprehensive forensic analysis to unearth the full scope of the cyber attack. They plan to share conclusive evidence once the investigation is complete. Meanwhile, WazirX co-founder Nischal Shetty has outlined steps to engage the community in deciding the platform’s reopening and recovery plans.
Stay informed with daily updates from Blockchain Magazine on Google News. Click here to follow us and mark as favorite: [Blockchain Magazine on Google News].
Get Blockchain Insights In Inbox
Stay ahead of the curve with expert analysis and market updates.
latest from tech
Disclaimer: Any post shared by a third-party agency are sponsored and Blockchain Magazine has no views on any such posts. The views and opinions expressed in this post are those of the clients and do not necessarily reflect the official policy or position of Blockchain Magazine. The information provided in this post is for informational purposes only and should not be considered as financial, investment, or professional advice. Blockchain Magazine does not endorse or promote any specific products, services, or companies mentioned in this posts. Readers are encouraged to conduct their own research and consult with a qualified professional before making any financial decisions.