According to TechFlow, on July 25, WazirX conducted a preliminary investigation into the recent cyberattack and shared the findings with the crypto community. The main findings include:

No evidence was found on the WazirX signers’ machines that had been compromised; The attack may have originated from Liminal’s infrastructure, bypassing the final verification step; Contrary to some reports, no malicious transactions were signed before July 18, 2024; The attack involved contract upgrades, and Liminal’s interface reportedly does not allow such operations.

WazirX is considering two scenarios: one is that a vulnerability in Liminal’s infrastructure led to malicious transactions, and the other is a complex malware attack that requires breaking into both WazirX and Liminal systems. At present, the former scenario is more likely, but it is still awaiting final forensic results.