Coinspeaker WazirX Ends Partnership with Liminal Custody after $230 Million Hack

WazirX, the Indian cryptocurrency exchange, is severing its ties with Liminal Custody following a significant security breach that occurred in July. The attack resulted in the theft of around $230 million, representing about 45% of the exchange’s total customer funds. In response, WazirX announced on X  that it’s migrating its assets from Liminal to new multi-signature wallets as part of a strategic effort to improve security and prevent future incidents.

The exchange has emphasized that while its internal systems remain secure, the breach involved issues with Liminal’s custody services. This migration to new wallets is a precautionary measure designed to ensure the highest level of protection for user assets after the incident on July 18th.

WazirX plans to publish a list of the new wallets once the migration is complete, enhancing transparency for its users. The exchange has also provided a link to track all on-chain transactions related to the hack, allowing users to monitor the status of their funds.

Response from Liminal and User Reactions

In a detailed post-mortem of the hack released on July 19, Liminal Custody has claimed that its systems were not at fault for the hack. Instead, it involved a compromise of WazirX’s own devices. The multi-signature wallet system used by WazirX had six signatories, including Liminal and WazirX’s own team members. The attacker only needed to compromise three of these signatories to execute the attack.

The process involved an attacker initiating a valid transaction from WazirX’s devices. Liminal’s server provided a “safeTxHash” to confirm this transaction. However, the attacker replaced this hash with an invalid one, which led to the transaction’s failure. By using signatures from other transactions, the attacker was able to approve a new transaction, which was processed successfully on the Ethereum network.

Liminal also noted that WazirX had the ability to remove the funds immediately after the breach but chose to delay the migration. Following the breach, WazirX has faced criticism from users for delays in fund withdrawals and a perceived lack of transparency. The exchange’s co-founder has requested patience as they work through the issues and improve security.

WazirX Restoring User Balances

WazirX recently announced that it’s in the process of restoring user balances. The exchange will use transaction records dating to the time of the hack to determine which users are eligible for reimbursement. To facilitate a secure transfer of assets, the exchange has suspended trading and withdrawal functions temporarily.

WazirX has assured users that restoring their balances is a top priority, and is also implementing additional security measures to prevent any further breaches. Moving forward, the exchange’s commitment to transparency and sound user protection practices will be crucial in rebuilding confidence and ensuring a safer trading environment.

next

WazirX Ends Partnership with Liminal Custody after $230 Million Hack