Indian crypto exchange WazirX, which suffered a $230 million hack in July, has said it is moving customer funds to new multi signature wallets and ending its relationship with crypto custody provider Liminal.
In an X post on Aug. 14, updating customers on the aftermath of the attack, the exchange said it was moving its remaining assets from Liminal to new multisig wallets to ensure their “maximum security.”
👋 Tribe! We want to keep you informed about the measures we're taking to safeguard crypto assets on the exchange. We are in the process of migrating the remaining assets held with Liminal to new multisig wallets. This step is essential to ensure maximum security of the assets… pic.twitter.com/3C8ort5P7D
— WazirX: India Ka Bitcoin Exchange (@WazirXIndia) August 14, 2024
In a post-mortem report published soon after the attack, the Mumbai-based exchange explained that its multisig wallets needed a set of signatures from three members of its team and another from crypto custody service provider Liminal in order to verify a transaction.
However, according to the exchange, attackers took advantage of a discrepancy between the data displayed on Liminal’s interface and what was actually contained in a transaction, allowing them to transfer control of the wallet to themselves.
The attackers then stole more than $230 million in various cryptocurrencies, including Ethereum (ETH), Shiba Inu (SHIB), Polygon (MATIC), and Pepe (PEPE). The lesser tokens were swapped into ETH, bringing the total haul to more than 59,000 ETH.
The attack limited the exchange’s ability to maintain a 1:1 collateral with its assets, forcing it to halt both crypto and fiat withdrawals.
You might also like: Binance completes registration with India’s financial intel
Liminal has since stated that its infrastructure was not breached and that all wallets in its custody, including those of WazirX, were safe.
However, in its latest update, WazirX maintained its stance that Liminal’s systems and interface had been compromised in the July 18 exploit, thus necessitating the precaution. It, however, gave no exact timeline as to when the wallet migration would be completed, only stating that it would publish a list of all the new addresses once it was done with the exercise.
Following the exploit, WazirX had tried to institute a “socialized loss strategy,” which would have seen users access 55% of their funds with the remaining 45% held by the exchange in Tether (USDT) equivalent tokens.
However, the proposal was met with widespread outrage, with users accusing the exchange of trying to avoid taking full responsibility for the losses incurred from the hack. Subsequently, WazirX was forced to backtrack on the plan, asking for more time to work on a resolution.
Read more: Senate majority leader Schumer pushes for crypto regulation by year-end
