In July 2024, Indian cryptocurrency exchange WazirX suffered a devastating cyberattack, resulting in a loss of around $230 million. The aftermath has sparked a heated blame game between WazirX and its wallet service provider, Liminal, over who is responsible for the breach.
Wazirx vs Liminal : How it all started
On July 18, 2024, one of WazirX’s multisignature wallets was compromised. These wallets require multiple signatures to authorize transactions, with six signatories: five managed by WazirX and one by Liminal. Despite these security measures, the attackers managed to steal a significant amount of cryptocurrency.
WazirX quickly initiated an investigation and brought in Mandiant Solutions, a subsidiary of Google, to conduct a forensic analysis. According to WazirX, Mandiant’s findings showed no compromise in their infrastructure or the three laptops used for signing transactions.
WazirX’s Accusations Against Liminal
After their investigation, WazirX blamed Liminal, their digital asset custody and wallet infrastructure provider. They claimed that the malicious transactions were processed through Liminal’s infrastructure and that the breach originated from there. WazirX highlighted several failures in Liminal’s security measures, including the failure to prevent withdrawals to non-whitelisted addresses and a contract upgrade that transferred control to the attacker which leads to WazirX vs Liminal Debate.
WazirX CEO Nischal Shetty raised several questions for Liminal, questioning how the transaction was signed and approved despite being malicious and how it bypassed security measures such as firewalls and whitelists.
Liminal’s Defense
Liminal Custody has strongly denied any breach on their end. They argued that their platform remains secure and suggested that the attack might have compromised WazirX’s devices. Liminal emphasized that their internal audit revealed no breach in their front-end or user interface and invited WazirX and Mandiant to conduct an impartial investigation of their systems.
A spokesperson from Liminal questioned the methodology and scope of WazirX’s forensic audit and pointed out that WazirX controlled five of the six keys needed for the multisignature wallet, implying that the security lapse might have occurred on WazirX’s side.
Wazirx vs Liminal : Implications
This Wazirx vs Liminal has cast a spotlight on the vulnerabilities of relying on third-party infrastructure for securing digital assets. The concept of “blind signing” in hardware wallets, where transaction details are not displayed on the wallet’s LED screen, has been particularly criticized as it forces users to trust the custody provider’s interface for transaction verification.
This debate (Wazirx vs Liminal : Who is responsible? ) has also raised broader questions about the reliability of third-party custodians in the crypto industry. As WazirX halts its operations and plans for resumption, the community remains anxious about the security of their funds and the overall safety of digital asset exchanges.
What’s Next
WazirX’s co-founder, Nischal Shetty, has outlined steps to involve the community in deciding the platform’s reopening and recovery plans. This includes running polls to gather customer opinions on reopening strategies and exploring solutions to unlock tokens affected by the hack. Meanwhile, Liminal has expressed willingness to cooperate with additional forensic audits to establish transparency and accountability.
As the investigation continues and both parties await further forensic reports, the outcome of Wazirx Vs Liminal dispute will likely have significant implications for security practices and trust in the cryptocurrency industry. The incident underscores the critical need for robust security measures and clear accountability protocols in managing digital assets.
Must Read : WazirX Cyberattack: Over $230 Million Stolen, Will user get refund?