WazirX Exonerated in $230 Million Hack, Points to Security Flaw at Custody Partner Liminal

In a pivotal development surrounding the cybersecurity breach that rattled the Indian cryptocurrency exchange WazirX, a comprehensive forensic investigation has absolved the platform of any lapses in its security protocols. The probe, spearheaded by Mandiant Solutions, a renowned cyber forensics firm and a subsidiary of Google, has shifted the focus towards Liminal, WazirX’s former infrastructure and custody partner, as the probable origin of the vulnerability that led to the staggering $231 million hack.

WazirX, a prominent player in India’s burgeoning digital currency market, found itself at the epicenter of a cybersecurity storm last month when it reported that nearly 44.5% of its digital assets were illicitly siphoned off. The cybercriminals targeted a multisig (multi-signature) wallet—a sophisticated security measure necessitating multiple private keys to authorize any transactions. This particular wallet was secured with six keys, five held by WazirX and one by Liminal.

Despite the sophisticated breach, WazirX maintained that all transactions from the compromised wallet had been subjected to stringent authorization protocols, including approvals from three WazirX members followed by a final nod from Liminal. The forensic investigation by Mandiant Solutions corroborated the exchange’s stance, revealing no evidence of compromise on the three laptops utilized for transaction authorizations.

The revelations from the investigation have prompted WazirX to assert that the breach was not a result of any internal security failure but was instead tied to potential lapses on Liminal’s part. This assertion was bolstered by a detailed report, shedding light on the intricate dynamics of the cyberattack and its origins, as per insights shared with MoneyControl.

In the aftermath of the breach, WazirX has been proactive in its recovery efforts, implementing diverse strategies to mitigate the impact on its users and operations. Among these is the initiation of a Bounty Program, incentivizing the crypto community with rewards of up to $10,500 in USDT for any information or assistance leading to the recovery of the stolen assets. Furthermore, the exchange has engaged in dialogue with its user base, seeking input on potential recovery measures, and has reached out to industry peers and potential investors, including its previous partner Binance, which has had significant dealings with WazirX, holding $81 million in WRX tokens and other assets.

The exchange has not limited its recovery and mitigation efforts to the crypto community alone. It has sought the collaboration of the Financial Intelligence Unit of India (FIU) and the Indian Computer Emergency Response Team (CERT) to navigate the complexities of the breach’s aftermath. An initial proposal, dubbed the “55/45 approach,” aimed at allowing users access to 55% of their portfolio tokens while converting the remaining 45% into USDT and locking them until full recovery, was considered but eventually set aside following user feedback.

In a decisive move to realign its operational integrity, WazirX has severed its ties with Liminal as a custody partner. Additionally, it has undertaken a corrective measure to restore balance by reversing all unauthorized trades executed between July 18 and July 21, a critical period when the platform was grappling with the breach.

The WazirX hack underscores the intricate challenges and vulnerabilities inherent in the digital asset landscape. While the forensic exoneration of WazirX provides a semblance of closure on the matter, it also highlights the ongoing need for robust security frameworks and collaborative efforts within the crypto industry to thwart such cybersecurity threats. The saga also serves as a stark reminder of the imperative for continuous vigilance and adaptation in the face of evolving cyber threats that loom over the digital financial ecosystem.
