WazirX Discloses Hacking Investigation Details
The exchange asserts that their computers showed no signs of compromise during the recent incident, pointing to the breach of their custodian, Liminal Custody, as the main factor.
On this page
The exchange asserts that their computers showed no signs of compromise during the recent incident, pointing to the breach of their custodian, Liminal Custody, as the main factor.
Liminal Custody initially denied any security problems, but WazirX maintains that the hackers exploited Liminal’s infrastructure for their fraudulent transfers.
WazirX proposed two scenarios for the incident: either the hackers accessed the funds by breaching Liminal's infrastructure alone or by compromising both Liminal and WazirX. The team leans towards the first scenario but insists that Liminal's infrastructure was compromised in any case.
The exchange also provided several points supporting the custodian breach theory:
- No new connections to hardware wallets were identified.
- The malicious request originated from a whitelisted address.
- Token names and destination addresses matched expectations within Liminal's interface.
Additional details indicate that during the attack, the hacker altered a smart contract's code and took control of it, despite Liminal's interface supposedly preventing this. The exchange also debunked claims that some fraudulent transactions were signed before the attack. The hacker had prepared the necessary smart contracts by July 10 but did not interact with WazirX until July 18.
WazirX is calling on developers and security experts to engage in discussions about the incident and provide recommendations to prevent similar breaches in the future.
The content on The Coinomist is for informational purposes only and should not be interpreted as financial advice. While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, or reliability of any content. Neither we accept liability for any errors or omissions in the information provided or for any financial losses incurred as a result of relying on this information. Actions based on this content are at your own risk. Always do your own research and consult a professional. See our Terms, Privacy Policy, and Disclaimers for more details.
Articles by this author
