BTC dominance: 52.52% • ETH Gas: 13 / 13 / 16
RecentCoin RecentCoin
New coins deployed last 24h: +0
WazirX finds no evidence of compromised devices, blames Liminal security

WazirX finds no evidence of compromised devices, blames Liminal security

full version at cryptoslate

WazirX said its preliminary investigation found no evidence indicating that the machines of WazirX signers were compromised during a recent sophisticated cyber attack on its multi-signature Ethereum wallet, according to a July 25 blog post,

The attack, which occurred earlier this month, has prompted significant concern and scrutiny within the crypto community. The exchange initially said the hack occurred due to an issue with its custody service provider, Liminal’s user interface.

However, Liminal said in its July 19 investigation report its infrastructure was not responsible for the hack and that compromised hardware wallets were the most likely cause.

WazirX investigation

WazirX emphasized that its ongoing forensic analysis has not uncovered any signs of malware or tampering on their signers’ devices. The attacked wallet required the signatures of three WazirX signers and one from Liminal, a custody service provider.

The malicious transactions were signed using devices at different locations, each accessing the legitimate Liminal website. The hardware wallets, crucial in securing transactions, did not detect any new connection requests, indicating the website used was authentic.

Despite the rigorous security measures in place, the attack involved legitimate signatures. The exchange believes this points to a potential breach within Liminal’s system. Furthermore, it said that even if the hardware wallets were compromised, Liminal’s fourth signature was the final “line of defense.”

WazirX outlined two possible scenarios that could explain the breach:

  • Breach within Liminal’s Infrastructure: Malicious transactions were received directly from Liminal due to a potential compromise of their system. This scenario is currently considered more likely due to the absence of new connection requests to hardware wallets and the use of whitelisted addresses.
  • Compromise of WazirX Signers’ Devices: This scenario involves malware infecting the devices of WazirX signers, although no preliminary evidence has been found to support this. It would also require a breach of Liminal’s firewall to obtain the final signature.

The exchange emphasized that the malicious transactions did not originate from WazirX servers, which points to a potential breach of Liminal’s security.

The hack

The India-based crypto exchange suffered the catastrophic hack on July 18. The attacker stole roughly 45% of the crypto it held, forcing it to halt operations. WazirX said that the hack only affected its multi-sig wallet and assured users that their fiat currency deposits remained safe.

The exchange said it is working with all relevant authorities and plans to resume services once a viable solution is found. It’s currently discussing possible partnerships that would allow it to make customers whole.

Cybersecurity experts have suggested the involvement of the notorious North Korean Lazarus Group, known for its advanced cyber attacks on financial institutions and crypto exchanges.

The incident highlights the evolving challenges of securing multi-signature wallets, particularly the risks associated with “blind signing,” where hardware wallets do not display transaction details.

WazirX said it had implemented industry-standard best practices, including verifying website URLs, using reputable platforms, and employing multi-factor authentication.

The post WazirX finds no evidence of compromised devices, blames Liminal security appeared first on CryptoSlate.

DeBank.com spLP profile by cryptoslate

Recent Crypto News

Trump's Bitcoin Support A Political No-Brainer To Garner Votes, Says Peter Schiff: Promise To Make King Crypto A Reserve Asset 'Won't Be Kept'
Trump's Bitcoin Support A Political No-Brainer To Garner Votes, Says Peter Schiff: Promise To Make King Crypto A Reserve Asset 'Won't Be Kept'
Added 14 minutes, 13 seconds ago by benzinga
Marshall Becomes First US Senator to Walk from Controversial Crypto Bill He Co-Sponsored
Marshall Becomes First US Senator to Walk from Controversial Crypto Bill He Co-Sponsored
Added 29 minutes, 9 seconds ago by decrypt.co
Are PoS networks really more expensive to attack than PoW?
Are PoS networks really more expensive to attack than PoW?
Added 29 minutes, 11 seconds ago by cryptopolitan
SBI and Franklin Templeton Collaborate to Create Digital Asset Management Firm
SBI and Franklin Templeton Collaborate to Create Digital Asset Management Firm
Added 29 minutes, 12 seconds ago by news.bitcoin
Bitcoin’s Surge Above $65,000: Insights from BlackRock’s Perspective on BTC and Ethereum
Bitcoin’s Surge Above $65,000: Insights from BlackRock’s Perspective on BTC and Ethereum
Added 44 minutes, 12 seconds ago by en.coinotag
US Senator Lummis Proposes Bill to Make Bitcoin a Federal Reserve Asset
US Senator Lummis Proposes Bill to Make Bitcoin a Federal Reserve Asset
Added 59 minutes, 11 seconds ago by en.coinotag

Recent conversions

0.0021 BTC to USD 2700 THB to NZD 0.04 BNB to CAD 0.02 ETH to CAD 0.00000025 BTC to NZD 0.9 SOL to USD 100 SOL to CHF 0.00000001 BTC to ETH 5 FLOW to NOK 1000000 BITS to BTC 27 BTC to NZD