After experiencing a security breach on July 18, cryptocurrency exchange WazirX has launched a preliminary investigation in connection with the cyber attack.
According to its preliminary findings, the attack likely originated from Liminal’s infrastructure, bypassing their final verification step.
The findings further revealed that the malicious transaction was not sent to any of the whitelisted destination addresses, and so should have been blocked by Liminal’s firewall and whitelist policy.
Days after WazirX experienced a major security breach, resulting in withdrawals of around $234.9 Mn during the early European hours, the cryptocurrency exchange has launched a preliminary investigation in connection with the cyber attack.
Following this, the company also announced a prize of $23 Mn as a part of its bounty programme to recover the $230 Mn assets stolen during the attack.
According to its preliminary findings, the attack likely originated from Liminal’s infrastructure, bypassing their final verification step, as evidenced by the use of 3 WazirX signatures and 1 Liminal signature.
Liminal is a digital asset management platform that helps secure and manage cryptocurrency transactions through a structured and secure process. It is specifically designed to handle high-value transactions and prevent unauthorised or malicious transfers.
As per the company, the attack involved a contract upgrade that Liminal’s interface reportedly does not permit.
“We have representations from Liminal that their interface does not allow initiating contract upgrade from its interface,” the company said in a statement.
However, it said that none of its signers’ machines were compromised.
The findings further revealed that the malicious transaction was not sent to any of the whitelisted destination addresses, and so should have been blocked by Liminal’s firewall and whitelist policy.
“Contrary to some reports by self-proclaimed crypto experts on social media, WazirX did not sign any malicious transactions 8 days before the attack. The attacker had created smart contracts on July 10, 2024, but these had no interaction with the WazirX wallet until July 18, 2024,” the company said in a blog post.
WazirX’s security breach impacted one of its wallets, a Safe Multisig wallet on the Ethereum network, resulting in the loss of user funds.
Founded in 2017, WazirX is a bitcoin and cryptocurrency exchange where you can buy, sell, and trade digital assets, catering to both first-time investors and professional traders alike.
Based on its preliminary analysis, the company has outlined two potential scenarios that may have occurred. Scenario 1 suggests that the malicious transactions were directly received by the WazirX signers from Liminal due to a possible breach of Liminal’s infrastructure.
Scenario 2 proposes that malware compromised all three WazirX signers’ devices. Although there is no preliminary evidence of malware, WazirX has initiated a forensic investigation.
Given the current findings, WazirX believes Scenario 1 is more likely but awaits further forensic results before confirming.