In the latest update on its investigation, crypto exchange WazirX said that none of its signers’ machines were compromised and that the attack likely originated from infrastructure partner Liminal’s end.
Liminal is a wallet infrastructure and digital asset custody solution provider, which counts Zebpay, Pi42, Central Bureau of Investigation (CBI) and Himachal Pradesh (HP) Police as its customers among others.
Citing its key findings in the preliminary report, WazirX said, “No evidence of compromise in WazirX signers' machines. The attack likely originated from Liminal's infrastructure, bypassing their final verification step. Contrary to some reports, no malicious transactions were signed before July 18, 2024.”
“The attack involved a contract upgrade, which Liminal's interface reportedly doesn't allow,” it added.
WazirX suspects one of two scenarios: a breach in Liminal's infrastructure that led to the malicious transactions, or a sophisticated malware attack, which would have required breaching both WazirX and Liminal systems.
The exchange added that the first scenario seems more likely, but it will “await conclusive forensic results.”
In its own blog post earlier, Liminal had said that its platform was not breached and continues to remain secure and fully operational for all its clients, including WazirX.
It added that the malicious transactions had emerged from the victim's (WazirX's) compromised machines. Liminal’s customer base includes organisations like the Central Bureau of Investigation (CBI) and several other crypto exchanges.
Responding to this development, a Liminal spokesperson said, "To uphold highest standards of transparency, Liminal has proactively engaged independent CERT certified, third-party experts to conduct thorough forensic audits backed by published reports. We continue to be engaged with relevant authorities."
"As a wallet infrastructure support platform, we emphasize that this incident originated from an external source, underscoring the crucial need for comprehensive security measures across platforms," the spokesperson added.
On July 18, WazirX reported a suspicious transfer of assets worth $230 million from one of its multisig wallets. Following this, the exchange temporarily stopped withdrawals and trading on its platform.
A multisig wallet is a crypto wallet that requires two or more private keys to unlock and withdraw funds.