Nearly a month after conducting a preliminary investigation into a security breach that led to a $230 million loss at WazirX, the embattled cryptocurrency exchange claimed on Monday that a separate forensic analysis found no compromise in its IT systems and once again blamed its wallet service provider Liminal Custody for the cyberattack.
WazirX said the investigation was led by cybersecurity firm Mandiant Solutions, a subsidiary of tech giant Google.
“While a detailed report will be published soon, the findings largely indicate that the issue that led to the cyberattack originated with Liminal. The wallet that was attacked was managed using Liminal’s digital asset wallet and custody infrastructure,” WazirX said in a press release.
Liminal Custody had clarified that its systems were not compromised after the cyberattack was first detected.
“If one goes by the information WazirX has shared, this actually raises serious questions about the security of their network infrastructure, operational custodial controls, and overall security posture, given that they were the custodians of five of the six keys,” Liminal said in a statement.
The company added that it had appointed auditors to investigate the case.
In a post on X (formerly Twitter), Nischal Shetty, founder and chief executive officer (CEO) of WazirX, said the company had yet to “hear any credible responses from Liminal.”
Shetty expressed concern about the extent of the breach of Liminal’s systems and questioned whether the service provider was involved in the theft of funds by an insider.
“Why/how did the Liminal website show us a genuine transaction that was supposed to be signed, and yet sent an incorrect payload for the signature? Why and how did their firewall end up allowing the transaction that was not on the whitelisted address? Why and how did they end up signing and approving this malicious transaction?” he asked in the post.
WazirX cited Mandiant’s finding, stating that the cybersecurity firm “identified no evidence of compromise on the three laptops that were used to sign transactions” on the cryptocurrency exchange.
Last month, one of WazirX’s multisig wallets was breached, causing the company to temporarily suspend most of its operations.
The company’s affected multisig wallet had six signatories: five managed by WazirX and one by Liminal Custody, a platform that services the cryptocurrency exchange’s wallets.
A multimillionaire wallet is a crypto wallet that requires two or more private keys to unlock and withdraw funds.
First published: August 19, 2024 | 18:41 IS
Disclaimer
The information contained in this post is for general information purposes only. We make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the post for any purpose.
We respect the intellectual property rights of content creators. If you are the owner of any material featured on our website and have concerns about its use, please contact us. We are committed to addressing any copyright issues promptly and will remove any material within 2 days of receiving a request from the rightful owner.