Indian crypto exchange WazirX, for the past week, has been invested in probing a hack that drained one of its multi-signature wallets off over $230 million (roughly Rs. 1,924 crore). In its latest update to the community, WazirX has claimed that its own signers' machines were not compromised in this attack, as shown by its internal investigation. The exchange has alleged that Liminal's infrastructure was used by hackers to facilitate this hack attack.
Updates on WazirX's Internal Probe
WazirX updated its official blog post on July 25, claiming that Liminal's multi-party computation (MPC) wallet failed to screen non-whitelisted addresses and prevent withdrawals. In the backdrop, the exchange added that its internal probe could not identify any evidence pointing at a compromise from its end.
“The attack involved the flow of transactions through Liminal infrastructure. The malicious transaction was not sent to any of the destination addresses in the whitelisted addresses, which should have been prevented by Liminal's firewall and whitelist policy,” the blog by WazirX noted.
The Mumbai-headquartered exchange went on to clarify that the execution of transactions over Liminal are out of its server ecosystem. The exchange also denied social media claims that it signed any suspicious transactions eight days before the hack, which might have set the stage for the attack.
As part of its preliminary investigation, WazirX has not been able to find any malicious malware on its systems. The exchange now awaits a detailed forensic analysis from Liminal's end.
Gadgets360 has reached out to Liminal for their response to WazirX's alleged claims.
WazirX partnered with Liminal Custody in January 2023 to manage its wallets. A day after the hack, Liminal published a blog claiming that its platform was not breached.
“In light of the recent incident, where WazirX's Gnosis SAFE smart contract wallet was drained, it is pertinent to note that Liminal's infrastructure is not breached and all wallets on Liminal's infrastructure, including WazirX's other Gnosis SAFE wallets deployed entirely from within Liminal's platform continue to remain safe & secure,” the company had said.
Aftermath of WazirX's Wallet Hack
Following the hack, WazirX has paused all trading, deposit, and withdrawal services from its platform. The exchange says it is working with law enforcement agencies to get to the bottom of the attack.
Seeking help from third party hackers, the exchange also launched a bounty programme. As part of this initiative, WazirX has offered $23 million (roughly Rs. 192 crore) in White Hat Bounty to the hacker for returning the stolen funds. In addition, the exchange is also offering USDT worth $10,000 (roughly Rs. 8.3 lakh) to those who can help identify the stolen funds and freezing them.
Indian Web3 analysts suspect that North Korea's infamous Lazarus Group could be responsible for facilitating this rather sophisticated attack. Confirmation on the doubts, however, remain awaited for now.
The hacker stole the amount through a total of 203 crypto assets, including Ether, Tether, Pepecoin, Gala, Polygon, and Shiba Inu among others, the exchange has confirmed to Gadgets360. WazirX is also reaching out to the teams managing these cryptocurrencies asking for assistance in tracing the funds.
As of now, the government including the Finance Ministry has continued to maintain a stark silence on this hack, which put funds worth over $230 million (roughly Rs. 1,924 crore) in jeopardy.
Now that its investigation has suggested that the breach may have been initiated via a compromise at Liminal's end, WazirX has sounded an alert to the Central Bureau of Investigation (CBI) -- that also trusts Liminal to hold crypto assets seized during investigations.
“The malicious transaction which got signed, upgraded the contract to transfer the control to the attacker. We have representations from Liminal that their interface does not allow initiating contract upgrade from its interface,” WazirX said “It is pertinent to state here that the CBI has entrusted Liminal with the secured non-custodial storage of digital assets seized during investigations which may also be based upon such representations by Liminal.”
