TLDR
- WazirX, an Indian crypto exchange, suffered a $235 million hack on July 18, 2024.
- WazirX’s investigation found no evidence of compromise in their own systems.
- The exchange suggests the breach likely originated from Liminal, their multi-party computation (MPC) wallet provider.
- Liminal denies any breach of its infrastructure and suggests the attack might have occurred by compromising WazirX devices.
- The incident highlights security risks associated with “blind signing” in hardware wallets.
On July 18, 2024, WazirX, a major Indian cryptocurrency exchange, fell victim to a sophisticated cyber attack resulting in a loss of $235 million.
This incident has sparked a heated debate between WazirX and its multi-party computation (MPC) wallet provider, Liminal, over the source of the security breach.
WazirX’s preliminary investigation, released on July 25, found no evidence that their infrastructure’s signer machines were compromised.
In light of the recent cyber attack on WazirX, our preliminary investigation reveals no evidence of compromise on our signers' machines. We are continuing to explore all possible sources of the breach.
For more details, please read this blog 👇 https://t.co/UQD7LVUy0v
— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) July 25, 2024
Instead, the exchange pointed to Liminal as the likely origin of the breach. According to WazirX, the malicious transactions were processed through Liminal’s infrastructure, using three WazirX signatures and one Liminal signature.
The exchange highlighted several issues with Liminal’s security measures. The Liminal MPC wallet, designed to prevent withdrawals to non-whitelisted addresses, failed to do so during the attack.
Additionally, the malicious transaction included a contract upgrade that transferred control to the attacker, a process that Liminal’s interface is not supposed to allow.
WazirX’s investigation revealed that no new connection requests were sent to their hardware wallets, and all requests came from whitelisted addresses. The exchange argues that this evidence suggests a breach in Liminal’s system rather than their own.
However, Liminal has strongly denied these allegations. In a report released on July 19, Liminal maintained that its platform remains secure and fully operational.
In light of recent events, we want to clarify that Liminal's platform was not breached. Our platform continues to remain secure and fully operational for all our clients, including WazirX.
As part of our security process, we've conducted a comprehensive forensic analysis. Our…
— Liminal Custody🚀 (@liminalcustody) July 19, 2024
The wallet provider suggested that the attack might have occurred by compromising all three WazirX devices, a claim that WazirX’s investigation disputes.
The incident has brought attention to the security risks associated with “blind signing” in hardware wallets. This process, where transaction details are not displayed on the wallet’s LED screen, forces users to rely on a separate device or the custody provider’s interface for information. This practice is considered a security problem within the hardware wallet community.
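To make the difference between blind signing and clear signing concrete, the following is an added example, not code from WazirX, Liminal, or any wallet vendor. It decodes a transaction's calldata into the fields a signer should see, and refuses anything it cannot decode or that pays a non-whitelisted address. The addresses, the whitelist, and the helper names are constructed for illustration; only the ERC-20 `transfer(address,uint256)` selector is a real value.

```python
# Added example: decode calldata before signing instead of approving it blind.
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # ERC-20 transfer(address,uint256)

# Constructed sample values (assumptions, not addresses from the incident).
TOKEN = "0x" + "aa" * 20          # token contract the call is sent to
GOOD = "0x" + "11" * 20           # whitelisted withdrawal address
BAD = "0x" + "22" * 20            # address missing from the whitelist
WHITELIST = {GOOD}


def make_transfer(recipient, amount):
    """Build ERC-20 transfer calldata: selector + two 32-byte ABI words."""
    return (TRANSFER_SELECTOR + bytes(12) + bytes.fromhex(recipient[2:])
            + amount.to_bytes(32, "big"))


OPAQUE = bytes.fromhex("deadbeef") + bytes(32)  # constructed unknown call


def decode_call(data):
    """Turn calldata into displayable fields, or mark it as opaque."""
    if len(data) == 68 and data[:4] == TRANSFER_SELECTOR and not any(data[4:16]):
        return {"kind": "erc20_transfer",
                "recipient": "0x" + data[16:36].hex(),
                "amount": int.from_bytes(data[36:68], "big")}
    return {"kind": "opaque", "selector": data[:4].hex()}


def review_for_signing(to, data, whitelist=WHITELIST):
    """Return (ok_to_sign, text the signer should see on a trusted display)."""
    call = decode_call(data)
    if call["kind"] == "opaque":
        return False, (f"REFUSE: call 0x{call['selector']} to {to} cannot be "
                       "displayed; approving it would be blind signing")
    if call["recipient"] not in whitelist:
        return False, f"REFUSE: recipient {call['recipient']} is not whitelisted"
    return True, (f"ERC-20 transfer of {call['amount']} base units to "
                  f"{call['recipient']} via token {to}")


if __name__ == "__main__":
    for payload in (make_transfer(GOOD, 5), make_transfer(BAD, 5), OPAQUE):
        print(review_for_signing(TOKEN, payload))
```

The check only helps if it runs on a device the signer trusts independently of the interface that proposed the transaction; otherwise the decoded text is just another unverified display.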
The hack has raised concerns about the reliability of third-party infrastructure in securing digital assets. WazirX pointed out that other organizations, including the Central Bureau of Investigation (CBI), also use Liminal to store seized assets, questioning the trustworthiness of such custodians if their security measures can be bypassed.
As the investigation continues, WazirX has halted its operations and is working on a plan to resume services. The exchange’s co-founder, Nischal Shetty, has outlined steps to involve the community in deciding the platform’s reopening and recovery plans.
These steps include running a poll to help customers decide the approach to reopening the platform and exploring solutions to unlock tokens affected by the hack.