An investigation into the recent hack of India-based crypto exchange WazirX has revealed that compromised devices, not the infrastructure, were responsible for the breach. Liminal, a multiparty computation (MPC) wallet provider, clarified that its infrastructure remained safe and was not compromised in the attack.
According to a post-mortem report released by Liminal on July 19, the breach, which resulted in an estimated $235 million loss, was attributed to three compromised devices within WazirX’s network. The report explained that the attacker exploited these compromised devices to manipulate transaction details and initiate unauthorized transfers.
Liminal’s multi-signature wallet system was configured to provide a fourth signature if three valid signatures were received from WazirX. The attacker took advantage of this setup by altering transaction details and tricking Liminal’s system into approving unauthorized transactions.
Contrary to WazirX’s initial claims that the attack resulted from discrepancies between the data displayed on Liminal’s interface and the actual transaction contents, Liminal asserted that the compromised devices sent malicious payloads directly to its servers. The firm suggested that a sophisticated man-in-the-middle (MITM) attack or a client-side compromise was the likely cause of the breach.
While WazirX stated that it had implemented robust security measures, including hardware wallets and whitelists for destination addresses, the attacker still managed to breach these defenses. The exchange has not publicly addressed Liminal’s findings and is currently working with law enforcement and forensic experts to trace the stolen funds and recover customer assets.
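The two paragraphs above describe the weak point (a final co-signature granted as soon as three valid client signatures arrive) and one of the intended defenses (a destination whitelist). The following is an added example, not Liminal's or WazirX's code, that models that flow in Python: a "naive" co-signer that only counts valid signatures, beside a policy-aware co-signer that also verifies the signed payload against a whitelist and amount cap it controls itself. Device keys, addresses, amounts and the quorum are constructed; HMAC-SHA256 stands in for the ECDSA/MPC signatures a real wallet would use so the script runs offline.

```python
import hashlib
import hmac
import json

# Constructed demo keys for the three client-side signing devices (assumed;
# HMAC-SHA256 stands in for the ECDSA/MPC signatures a real wallet would use).
CLIENT_KEYS = {
    "device-1": b"demo-key-device-1",
    "device-2": b"demo-key-device-2",
    "device-3": b"demo-key-device-3",
}
QUORUM = 3  # client signatures required before the co-signer adds its own

# Policy held by the co-signer, independent of anything the clients send
# (constructed values: one whitelisted cold-wallet address, a per-transfer cap).
COLD_WALLET = "0x" + "c0" * 20
ATTACKER_ADDR = "0x" + "ba" * 20
WHITELIST = {COLD_WALLET}
MAX_AMOUNT = 500_000


def canonical(tx: dict) -> bytes:
    """Deterministic serialization so every party signs identical bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def client_sign(device_id: str, tx: dict) -> str:
    """A client device signs the canonical form of the transaction it sees."""
    return hmac.new(CLIENT_KEYS[device_id], canonical(tx), hashlib.sha256).hexdigest()


def verify(device_id: str, tx: dict, sig: str) -> bool:
    """Check one client signature against the payload the co-signer holds."""
    key = CLIENT_KEYS.get(device_id)
    if key is None:
        return False
    expected = hmac.new(key, canonical(tx), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig)


def naive_cosign(tx: dict, signatures: dict) -> bool:
    """Weak rule: add the final signature once QUORUM signatures verify.
    This trusts the clients entirely for *what* is being signed."""
    return sum(verify(d, tx, s) for d, s in signatures.items()) >= QUORUM


def policy_cosign(tx: dict, signatures: dict) -> tuple[bool, str]:
    """Hardened rule: verify the quorum AND check the payload itself against
    policy the co-signer controls, so compromised clients alone cannot move
    funds to an arbitrary destination."""
    for device_id, sig in signatures.items():
        if not verify(device_id, tx, sig):
            return False, f"signature from {device_id} does not cover this payload"
    if len(signatures) < QUORUM:
        return False, f"only {len(signatures)} of {QUORUM} signatures"
    if tx["to"] not in WHITELIST:
        return False, "destination not on co-signer whitelist"
    if tx["amount"] > MAX_AMOUNT:
        return False, "amount exceeds per-transfer cap"
    return True, "approved"


def run_scenarios() -> dict:
    """Three constructed cases; returns (naive verdict, policy verdict) for each."""
    good = {"to": COLD_WALLET, "amount": 100_000, "nonce": 7}
    sigs_good = {d: client_sign(d, good) for d in CLIENT_KEYS}

    # Case 2: devices signed `good`, but the payload forwarded to the co-signer
    # was altered on the way; the signatures no longer match what is approved.
    swapped = dict(good, to=ATTACKER_ADDR)
    # Case 3: all three devices are compromised and sign the altered payload;
    # every signature verifies, so only the independent policy can stop it.
    sigs_swapped = {d: client_sign(d, swapped) for d in CLIENT_KEYS}

    return {
        "honest": (naive_cosign(good, sigs_good), policy_cosign(good, sigs_good)),
        "altered_in_transit": (naive_cosign(swapped, sigs_good), policy_cosign(swapped, sigs_good)),
        "compromised_signers": (naive_cosign(swapped, sigs_swapped), policy_cosign(swapped, sigs_swapped)),
    }


if __name__ == "__main__":
    for name, (naive, policy) in run_scenarios().items():
        print(f"{name:22} naive={naive!s:5} policy={policy}")
```

The third scenario is the one that matters for a custody design: when every client signer is compromised, a signature count is satisfied by construction, and the only control that still holds is the one the co-signer evaluates from its own copy of the payload and its own policy, never from a client-rendered display.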
As the investigation into the WazirX hack continues, questions remain unanswered about how the attacker initially gained access to the compromised devices. Liminal’s post-mortem report sheds light on the technical aspects of the breach and highlights the importance of securing not only infrastructure but also individual devices within a network to prevent unauthorized access and protect user funds.