The cyberattack on crypto exchange WazirX in July, that led to a loss of about Rs 2,000 crore in digital assets, had originated from their end, according to its security partner and digital asset custody company, Liminal Custody.
In Short
- WazirX faced security breach in July, lost Rs 2,000 crore in digital assets
- Liminal Custody says no evidence of its web application being compromised
- Earlier, WazirX had blamed Liminal Custody for the cyberattack
Liminal Custody, a digital asset custody company, has claimed the cyberattack that hit its security partner and cryptocurrency exchange, WazirX, happened at the latter’s end as per audit findings.
A comprehensive review of Liminal Custody’s web application, including its front end, User Interface (UI) and backend was conducted by audit firm Grant Thornton. The audit firm said it did not find any evidence of the cyberattack originating from Liminal Custody’s web application.
Earlier, WazirX had blamed Singapore-based Liminal Custody for the cyberattack on its infrastructure in July, that led to the theft of about Rs 2,000 crore.
Following its review, Liminal Custody said its preliminary reports identified a mismatch between the data shared by the firm and the payload received from the client’s systems.
“This indicated two potential possibilities: a potential compromise either at the client’s end or within our frontend systems, resulting in the need for investigation into whether there was any compromise in our frontend systems,” Liminal Custody said.
“To further investigate this discrepancy, we enlisted the services of several reputable auditors, including one of the globally top-ranked audit companies, Grant Thornton. We now have multiple reviews which conclude that Liminal’s frontend, backend and UI are found with no evidence of any compromise or vulnerabilities related to the transaction workflow,” it added.
The company said that the likelihood of a cyberattack from outside its infrastructure and systems had increased based on the findings.
The WazirX cyberattack occurred on July 18, resulting in the theft of over $230 million (about Rs 2,000 crore) in digital assets. The breach involved a multi-sig wallet with six signatories, five from WazirX and one from Liminal Custody.
The security breach led to WazirX losing nearly 45 per cent of its holding assets.
WazirX had commissioned a forensic analysis by Mandiant Solutions, a Google subsidiary. While Mandiant’s preliminary report indicated that WazirX’s laptops used for signing transactions were not compromised, Liminal Custody questioned the scope and methodology of WazirX’s audit.
Liminal Custody argued that the security of WazirX’s network infrastructure and custody controls should be scrutinised.
WazirX allows users to buy, sell, and trade various cryptocurrencies like Bitcoin, Ethereum and others. Launched in 2018, it provides a platform for spot trading, staking, and peer-to-peer transactions and offers features like a native utility token (WRX) and integration with Binance, a global cryptocurrency exchange.
