WazirX and Liminal Disagree on Source of $235 Million Hack
The post WazirX and Liminal Disagree on Source of $235 Million Hack appeared on BitcoinEthereumNews.com.
TLDR WazirX, an Indian crypto exchange, suffered a $235 million hack on July 18, 2024. WazirX’s investigation found no evidence of compromise in their own systems. The exchange suggests the breach likely originated from Liminal, their multi-party computation (MPC) wallet provider. Liminal denies any breach of its infrastructure and suggests the attack might have occurred by compromising WazirX devices. The incident highlights security risks associated with “blind signing” in hardware wallets. On July 18, 2024, WazirX, a major Indian cryptocurrency exchange, fell victim to a sophisticated cyber attack resulting in a loss of $235 million. This incident has sparked a heated debate between WazirX and its multi-party computation (MPC) wallet provider, Liminal, over the source of the security breach. WazirX’s preliminary investigation, released on July 25, found no evidence that their infrastructure’s signer machines were compromised. In light of the recent cyber attack on WazirX, our preliminary investigation reveals no evidence of compromise on our signers’ machines. We are continuing to explore all possible sources of the breach. For more details, please read this blog 👇https://t.co/UQD7LVUy0v — WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 25, 2024 Instead, the exchange pointed to Liminal as the likely origin of the breach. According to WazirX, the malicious transactions were processed through Liminal’s infrastructure, using three WazirX signatures and one Liminal signature. The exchange highlighted several issues with Liminal’s security measures. The Liminal MPC wallet, designed to prevent withdrawals to non-whitelisted addresses, failed to do so during the attack. Additionally, the malicious transaction included a contract upgrade that transferred control to the attacker, a process that Liminal’s interface is not supposed to allow. WazirX’s investigation revealed that no new connection requests were sent to their hardware wallets, and all requests came from whitelisted addresses. The exchange argues that this evidence suggests a breach in…
Filed under: News - @ July 27, 2024 3:14 am