A recent cyberattack on WazirX, one of India’s largest digital currency exchanges, saw $230 million stolen. An investigation by a Google subsidiary has since found that WazirX itself was not breached at all. The hack of its multisig wallet reduced WazirX’s assets by almost 45%. As for the specifics of the security breach, the report prepared by Mandiant said that the attack was most probably carried out through Liminal, WazirX’s former infrastructure and custody partner.
WazirX had six signatories managing the multisig wallet: five belonged to the exchange, and one belonged to Liminal. Although the exchange required multiple authorizations for transactions, the forensic analysis of the hack did not reveal tampering on the three laptops that WazirX team members used for signing transactions. On this basis, WazirX pointed a finger at Liminal for the breach.
However, Liminal has firmly refuted these allegations. Liminal challenged the soundness of WazirX’s network architecture and its operational custody of the platform. The custodian was quick to point out that, in its preliminary audit reports, it had not detected any weakness in its front end or user interface (UI).
Liminal is also running its own forensic analysis of the incident, the findings of which are pending, and an external audit of Liminal’s UI is also planned.
Although WazirX was cleared by the forensic investigation, the exchange is still trying to recover the stolen funds. As part of its efforts to recover the stolen crypto, it has announced a bounty program with potential rewards of up to $10,000 in USDT and is looking for affiliate and acquisition opportunities to minimize the losses.