Probe Finds Attack Originated From Liminal’s Infrastructure

Share via:


SUMMARY

After experiencing a security breach on July 18, the cryptocurrency exchange has launched a preliminary investigation in connection with the cyber attack

According to its preliminary findings, the attack likely originated from Liminal’s infrastructure, bypassing their final verification step

The findings further revealed that the malicious transaction was not sent to any of the whitelisted destination addresses, which should have been blocked by Liminal’s firewall and whitelist policy

Days after WazirX experienced a major security breach, resulting in withdrawals of around $234.9 Mn during the early European hours, the cryptocurrency exchange has launched a preliminary investigation in connection with the cyber attack.

Following this, the company also announced a prize of $23 Mn as a part of its bounty programme to recover the $230 Mn assets stolen during the attack.

According to its preliminary findings, the attack likely originated from Liminal’s infrastructure, bypassing their final verification step, as evidenced by the use of 3 WazirX signatures and 1 Liminal signature. 

Liminal is a digital asset management platform that helps secure and manage cryptocurrency transactions through a structured and secure process. It is specifically designed to handle high-value transactions and prevent unauthorised or malicious transfers. 

As per the company, the attack involved a contract upgrade that Liminal’s interface reportedly does not permit. 

“We have representations from Liminal that their interface does not allow initiating contract upgrade from its interface,” the company said in a statement.

However, it shared that none of its signers’ machines were compromised.

The findings further revealed that the malicious transaction was not sent to any of the whitelisted destination addresses, which should have been blocked by Liminal’s firewall and whitelist policy.

“Contrary to some reports by self-proclaimed crypto experts on social media, WazirX did not sign any malicious transactions 8 days before the attack. The attacker had created smart contracts on July 10, 2024, but these had no interaction with the WazirX wallet until July 18, 2024,” the company said in a blog post.

WazirX’s security breach impacted one of its wallets Safe Multisig on the Ethereum network, resulting in the loss of user funds.

Founded in 2017, WazirX is a bitcoin and cryptocurrency exchange where you can buy, sell, and trade digital assets, catering to both first-time investors and professional traders alike.

Based on its preliminary analysis, the company has outlined two potential scenarios that may have occurred. Scenario 1 suggests that the malicious transactions were directly received by the WazirX signers from Liminal due to a possible breach of Liminal’s infrastructure. 

Scenario 2 proposes that malware compromised all three WazirX signers’ devices. Although there is no preliminary evidence of malware, WazirX has initiated a forensic investigation. 

Given the current findings, WazirX believes Scenario 1 is more likely but awaits further forensic results before confirming. 





Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Probe Finds Attack Originated From Liminal’s Infrastructure


SUMMARY

After experiencing a security breach on July 18, the cryptocurrency exchange has launched a preliminary investigation in connection with the cyber attack

According to its preliminary findings, the attack likely originated from Liminal’s infrastructure, bypassing their final verification step

The findings further revealed that the malicious transaction was not sent to any of the whitelisted destination addresses, which should have been blocked by Liminal’s firewall and whitelist policy

Days after WazirX experienced a major security breach, resulting in withdrawals of around $234.9 Mn during the early European hours, the cryptocurrency exchange has launched a preliminary investigation in connection with the cyber attack.

Following this, the company also announced a prize of $23 Mn as a part of its bounty programme to recover the $230 Mn assets stolen during the attack.

According to its preliminary findings, the attack likely originated from Liminal’s infrastructure, bypassing their final verification step, as evidenced by the use of 3 WazirX signatures and 1 Liminal signature. 

Liminal is a digital asset management platform that helps secure and manage cryptocurrency transactions through a structured and secure process. It is specifically designed to handle high-value transactions and prevent unauthorised or malicious transfers. 

As per the company, the attack involved a contract upgrade that Liminal’s interface reportedly does not permit. 

“We have representations from Liminal that their interface does not allow initiating contract upgrade from its interface,” the company said in a statement.

However, it shared that none of its signers’ machines were compromised.

The findings further revealed that the malicious transaction was not sent to any of the whitelisted destination addresses, which should have been blocked by Liminal’s firewall and whitelist policy.

“Contrary to some reports by self-proclaimed crypto experts on social media, WazirX did not sign any malicious transactions 8 days before the attack. The attacker had created smart contracts on July 10, 2024, but these had no interaction with the WazirX wallet until July 18, 2024,” the company said in a blog post.

WazirX’s security breach impacted one of its wallets Safe Multisig on the Ethereum network, resulting in the loss of user funds.

Founded in 2017, WazirX is a bitcoin and cryptocurrency exchange where you can buy, sell, and trade digital assets, catering to both first-time investors and professional traders alike.

Based on its preliminary analysis, the company has outlined two potential scenarios that may have occurred. Scenario 1 suggests that the malicious transactions were directly received by the WazirX signers from Liminal due to a possible breach of Liminal’s infrastructure. 

Scenario 2 proposes that malware compromised all three WazirX signers’ devices. Although there is no preliminary evidence of malware, WazirX has initiated a forensic investigation. 

Given the current findings, WazirX believes Scenario 1 is more likely but awaits further forensic results before confirming. 





Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

BSNL launches free intranet TV for mobile, national wi-fi...

New Delhi, 22 December 2025: Bharat Sanchar Nigam Limited (BSNL),...

Shanghai startup begins mass-producing its humanoid robots

AgiBot is backed by major investors such as...

Israeli fintech firm acquired by Italian company for $150m

Morning was originally founded in 2011 under the...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!