Liminal Custody has published a detailed report on the recent $235 million hack that targeted WazirX, one of India’s biggest cryptocurrency exchanges. The report states that Liminal’s platform was not compromised and that the attack originated from compromised devices at WazirX. This clarification comes after WazirX, in its incident overview of the hack, mentioned Liminal’s role in its preliminary findings.
Key Insights from Liminal’s Report
1. Compromised devices: Liminal’s examination found that three WazirX devices were compromised. These devices were the weak link that gave the attackers the signatures they needed to reach the wallet.
2. Signature exploits:
The attackers used a series of targeted steps to obtain the signatures needed to approve the final transaction.
– First signature exploit: The attackers manipulated an attempt to create a GALA transaction; the transaction data was mismatched, so the signature did not cover the transaction the signer intended to approve.
– Second signature exploit: A further attempt to execute a GALA transaction from a Keystone device was also compromised, showing that several devices were involved.
– Third signature exploit: In the same manner, the attackers obtained the third required signature during an approval attempt for a legitimate USDT transaction.
3. Final exploit
Once all the required signatures had been obtained, the attackers submitted the final transaction that moved the funds into their custody. That malicious transaction carried the signatures harvested in each of the exploited sequences above, which indicates a sophisticated, coordinated and fully automated attack.
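The common thread in the three signature exploits is that each device produced a valid signature for something other than the transaction it was asked to approve, and the multisig then accepted those signatures on the attacker’s transaction. The following Python model, added here as an illustration and not taken from Liminal’s report, WazirX, or the Gnosis Safe code base, shows why a signer that blindly signs a host-supplied digest is harvestable and how recomputing the digest from the displayed transaction stops it. The threshold, device names, keys and transactions are all constructed assumptions; HMAC stands in for the real ECDSA signatures so the example runs offline.

```python
import hashlib
import hmac
import json

# Hypothetical k-of-n threshold; the page does not state the real one.
THRESHOLD = 3

# Constructed per-device signing keys (real devices hold these in hardware).
DEVICE_KEYS = {
    "device-1": b"key-for-device-1",
    "device-2": b"key-for-device-2",
    "device-3": b"key-for-device-3",
}

# Constructed transactions: the benign ones are what each device displayed,
# the malicious one is what the attacker actually wants signed.
BENIGN_TXS = {
    "device-1": {"asset": "GALA", "to": "0xexchange-hot-wallet", "amount": 1000},
    "device-2": {"asset": "GALA", "to": "0xexchange-hot-wallet", "amount": 2500},
    "device-3": {"asset": "USDT", "to": "0xexchange-hot-wallet", "amount": 50000},
}
MALICIOUS_TX = {"asset": "ALL", "to": "0xattacker", "amount": "sweep"}


def tx_hash(tx):
    """Canonical digest of a transaction: what the multisig checks signatures against."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).hexdigest()


def sign(device_key, digest):
    """Stand-in for a device signature over a digest (HMAC keeps this dependency-free)."""
    return hmac.new(device_key, digest.encode(), hashlib.sha256).hexdigest()


def verify(device_key, digest, signature):
    return hmac.compare_digest(sign(device_key, digest), signature)


def blind_signer(device_key, displayed_tx, digest_to_sign):
    """Weak flow: the device shows displayed_tx but signs whatever digest the host hands it."""
    return sign(device_key, digest_to_sign)


def verifying_signer(device_key, displayed_tx, digest_to_sign):
    """Hardened flow: sign only if the digest is the hash of the transaction actually shown."""
    if tx_hash(displayed_tx) != digest_to_sign:
        raise ValueError("digest does not match displayed transaction")
    return sign(device_key, digest_to_sign)


def collect_signatures(signer, target_tx):
    """Attacker's harvest loop: each device sees its benign tx, is asked to sign target_tx's hash."""
    harvested = {}
    target_digest = tx_hash(target_tx)
    for device, shown in BENIGN_TXS.items():
        try:
            harvested[device] = signer(DEVICE_KEYS[device], shown, target_digest)
        except ValueError:
            continue  # a verifying device refuses; the attacker gets nothing from it
    return harvested


def execute(tx, signatures):
    """Multisig execution: count valid signatures over the hash of the submitted tx."""
    digest = tx_hash(tx)
    valid = sum(
        1 for device, sig in signatures.items()
        if device in DEVICE_KEYS and verify(DEVICE_KEYS[device], digest, sig)
    )
    return valid >= THRESHOLD


def attack_against_blind_signers():
    return execute(MALICIOUS_TX, collect_signatures(blind_signer, MALICIOUS_TX))


def attack_against_verifying_signers():
    return execute(MALICIOUS_TX, collect_signatures(verifying_signer, MALICIOUS_TX))


if __name__ == "__main__":
    print("blind signers, sweep executes:", attack_against_blind_signers())
    print("verifying signers, sweep executes:", attack_against_verifying_signers())
```

With blind signers the attacker reaches the threshold from three separate, individually plausible approval prompts, which is the shape of the three exploits described above; with verifying signers every harvested request fails the display-versus-digest check and the sweep never reaches the threshold. The real mitigation on a hardware signer is the same idea: the device must decode and display the full transaction it is signing rather than trusting a digest or description supplied by a possibly compromised host.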
The report rules out any compromise of Liminal’s infrastructure. WazirX also uses other Gnosis Safe wallets, and the report states that all wallets on Liminal’s platform remain secure. Liminal continues to operate and serve clients, with no reported concerns about transactions or account withdrawals.
As of writing, WazirX has filed a police complaint and is pursuing further legal action against the attackers. The incident has been reported to the Financial Intelligence Unit (FIU) and CERT-In, and the team has contacted more than 500 exchanges to block the identified addresses.