WazirX cryptocurrency exchange which suffered the $230 million hack on 18 July is amid legal trouble and facing criticism from the users and partners for a while now. The company recently shared that they engaged with Mandiant Solutions, a subsidiary of Google to conduct a forensic analysis of the cyberattack. According to a report by Mandiant dated 14 August, WazirX has suggested that the issue might have originated from Liminal Custody which is a Singapore-based security partner of the crypto exchange.
In response to the claim made by WazirX, Liminal Custody on Monday stated that they are not responsible for the theft. According to the reports, Liminal engaged with Grant Thornton, a leading global audit firm, to conduct an independent audit which confirmed that the breach did not originate within Liminal’s frontend, backend, or user interface.
“Our preliminary reports identified a discrepancy between the data payloads created by our system and those received from the client’s system. This discrepancy indicated a potential compromise either at the client’s end or within our frontend systems,” said Liminal Custody in a statement “However, our independent review by Grant Thornton has confirmed that Liminal’s systems remain secure, and the breach likely occurred elsewhere.”
Liminal Custody explained that their self-custody wallet infrastructure where the majority of the private keys are held by clients, ensures that transactions are initiated solely from the clients’ end.
“Liminal cannot initiate transactions; they always originate at our client’s end first,” Liminal added
Liminal Custody argued that the breach of the multi-signature (multi-sig) wallet was most likely due to vulnerabilities from WazirX’s side.
“We now have multiple reviews which conclude that Liminal’s frontend, backend and user interface (UI) are found with no evidence of any compromise or vulnerabilities related to the transaction workflow. Based on these findings, the likelihood of the issue originating from outside Liminal’s infrastructure and systems has increased.” said the spokesperson for Liminal Custody.
“We reiterate that the product in question for this incident is our self-custody wallet infrastructure, wherein a majority of the private keys that control and operate the wallets remain with our clients on their infrastructure. In this product, Liminal can never initiate a transaction and all transactions always originate at our client’s end first,” the spokesperson added
ⓘ LAFFAZ is not responsible for the content of external sites. Users are required to read and abide by our Terms & Conditions.
