Background
On July 18, 2024, on-chain monitoring agencies detected unusual transfers from the wallet of the Indian cryptocurrency exchange WazirX. It was confirmed that the exchange had been hacked. SlowMist founder Cos stated that the breach occurred due to the compromise of a multi-signature ETH hot wallet address.
For more details, see the previous report here: https://www.wikibit.com/en/202407192024959118.html.
Dispute over Responsibility
WazirX and Liminal Custody, the custodians of the stolen funds, have been blaming each other for the incident. The compromised wallet was a multi-signature wallet with five signers from the WazirX team and one from Liminal, a third-party custodial service provider hired by WazirX.
WazirX stated that the attack was related to the multi-signature wallet associated with Liminal’s digital asset custody service, citing “discrepancies between the data displayed on Liminal’s interface and the actual transactions.”
Liminal, on the other hand, claimed that its infrastructure had not been breached and that all wallets, including WazirX’s, remained secure. A multi-signature wallet requires multiple signatures to authorize transactions.
Binance Denies Responsibility
In a blog post, Binance stated that the Zanmai-operated WazirX platform reported a cyberattack on July 18, 2024, resulting in user fund losses of approximately $235 million, and WazirX has been unable to fulfill withdrawal requests. Binance also pointed out that Zettai’s primary owner, Nischal Shetty, made some inaccurate statements regarding the ongoing dispute between Zettai and Binance. Shetty suggested that Binance might somehow be responsible for the losses suffered by WazirX users and creditors as a result of the cyberattack. Binance refuted these claims, stating that any such assertions are highly misleading.
Binance clarified that it never acquired WazirX, despite signing an agreement, because Zettai failed to meet its obligations, and the proposed transaction was never completed. Binance emphasized that it has never owned, controlled, or operated WazirX at any time, including before, during, or after the alleged hack.
Shetty claimed that the current dispute between Zettai and Binance might lead to Binance owning WazirX, which would, in turn, make Zettai’s creditors Binance’s creditors, meaning Binance would be responsible for WazirX users. In response, Binance rejected this notion, stating that it does not own or operate WazirX, is not a party to WazirX’s agreements with its users, holds no WazirX user funds, and bears no responsibility for the consequences of the cyberattack. Shetty’s statements were deemed inaccurate and misleading.
In 2019, Binance announced the acquisition of WazirX, but in 2022, Binance’s founder denied this, stating that the deal was never completed.
