Days after cryptocurrency platform WazirX reported a loss of $230 million worth of digital assets in a massive security breach, the company’s preliminary investigation found no evidence that its signer machines were compromised.
The affected multisig wallet at WazirX had six signatories: five managed by WazirX and one by Liminal custody, a platform that services the crypto exchange’s wallets.
A ‘multisig’ or multisignature wallet is a crypto wallet that requires two or more private keys to unlock and withdraw funds.
In a blog post published Thursday, the firm clarified the nature of the attack and shifted the blame to its wallet service provider, Liminal.
While explaining the probable nature of the attack, WazirX said three of its signers received malicious transactions directly from Liminal due to a potential breach of the latter’s infrastructure.
WazirX said that based on its preliminary findings, this ‘is the more likely cause of this attack’.
“The malicious transaction was not sent to any of the destination addresses in the whitelisted addresses, which should have been prevented by Liminal’s firewall and whitelist policy,” the firm said in its preliminary findings.
The company added that another way its signers could have been compromised was by malware on three devices.
The firm clarified that for this scenario to be possible, the attacker would also need to breach Liminal’s infrastructure and firewalls to obtain the fourth and final signature needed to complete a transaction on the blockchain.
In a statement issued last week, Liminal clarified its ecosystem had not been compromised in the cyberattack on the platform.
“Our preliminary investigations show that one of the self-custody multisig smart contract wallets created outside of the Liminal ecosystem has been compromised. We can confirm that Liminal’s platform is not breached and Liminal’s infrastructure, wallets, and assets continue to remain safe,” Liminal said in a press statement.
Meanwhile, WazirX has said that it will share ‘conclusive evidence’ with its users once a forensic report on the attack is complete.
“We have refrained from giving a knee-jerk reaction to the incident and have initiated a thorough forensic analysis to uncover the full details of the cyberattack. Once the forensic report is complete, we will share conclusive evidence with the community,” it added.