Audit finds $230M WazirX hack originated outside Liminal Custody

09/09/2024 21:19
Audit finds $230M WazirX hack originated outside Liminal Custody

An independent audit by Grant Thornton found no evidence that Liminal Custody's infrastructure was involved in the $230 million WazirX hack

Audit finds $230M WazirX hack originated outside Liminal Custody

An independent audit by Grant Thornton found no evidence that Liminal Custody’s infrastructure was involved in the $230 million WazirX hack.

Grant Thornton’s audit found that Liminal Custody, the Singapore-headquartered crypto custodian, was not the main source for the $230 million hack of WazirX, indicating the breach has originated “outside of Liminal’s infrastructure,” the company said in a Sept. 9 blog post.

The breach, which occurred in July, allowed attackers to siphon off more than $230 million in cryptocurrencies.

WazirX, which has since moved its assets to new multi-signature wallets, had initially pointed to discrepancies between Liminal’s interface and transaction data. However, an audit by Grant Thornton reportedly found no evidence of compromise in Liminal’s infrastructure, though Liminal Custody has not publicly shared the audit findings.

“Grant Thornton conducted a detailed assessment of Liminal’s infrastructure and have informed us that Liminal’s frontend and backend infrastructure is secure, with no evidence of any compromise or vulnerabilities related to the transaction workflow.”

Liminal Custody

No breach from Liminal side

Liminal highlighted that discrepancies between the data payloads generated by its system and those received from the client suggested two possible sources for the breach: either vulnerabilities within the client’s infrastructure or the custodian’s frontend systems. The company added that it is still awaiting an “end-to-end review from our auditors.”

The company noted that its multi-signature wallet model ensures that client keys remain with customers, adding that users “can never initiate a transaction and all transactions always originate at our client’s end first.”

Following the exploit, WazirX tried to institute a “socialized loss strategy,” which would have seen users access 55% of their funds with the remaining 45% held by the exchange in Tether (USDT) equivalent tokens. However, the proposal was met with widespread outrage, with users accusing the exchange of trying to avoid taking full responsibility for the losses incurred from the hack. Subsequently, WazirX was forced to backtrack on the plan, asking for more time to work on a resolution.

Read more --->