WazirX, a leading cryptocurrency exchange in India, has concluded its preliminary investigation into the recent cyber-attack on its multi-signature Ethereum wallet.
After the investigation, the exchange asserted that there is no evidence that its signers' devices were compromised. This finding comes after a thorough forensic analysis conducted in response to the attack earlier this month.
WazirX Cyber Attack Analysis
The exchange initially blamed its custody service provider, Liminal, for the breach. According to WazirX, the hack was attributed to an issue with Liminal’s user interface.
However, Liminal’s investigation report, released on July 19, countered this claim. The report indicated that their infrastructure remained secure and suggested that compromised hardware wallets were the likely cause.
Meanwhile, WazirX’s continued forensic efforts have not revealed any signs of malware or tampering on their signers’ devices.
The hacked wallet required signatures from three WazirX signers and one from Liminal. Its legitimate transactions were signed by devices located in different places, and all of these devices had access to Liminal’s authentic website.
The hardware wallets did not detect any new connection requests, affirming the website’s legitimacy during the attack.
Despite the stringent security measures in place, including multi-signature protocols, the attacker used legitimate signatures. This implies a deeper issue, possibly within Liminal’s system.
The exchange has outlined two primary scenarios that could explain this breach. WazirX considers the first scenario more likely: a direct compromise within Liminal’s infrastructure resulting in malicious transactions originating from their system.
The use of whitelisted addresses and the absence of new connection requests to hardware wallets support this hypothesis.
The second scenario suggests a compromise of WazirX signers’ devices, potentially through malware. However, the team found no preliminary evidence to back up this suspicion.
For such a move to work, the final signature required for the transactions would have had to be obtained by breaching Liminal’s firewall.
WazirX believes that the attack did not begin with its servers, thereby making Liminal’s security protocols a likely suspect.
The Malicious Transactions
The attack, which occurred on July 18, resulted in the theft of roughly 45% of WazirX’s crypto assets, prompting the exchange to temporarily halt its operations. WazirX assured its users that their multi-signature wallet and all fiat currency deposits would not be affected.
In response to the incident, WazirX is actively cooperating with relevant authorities and exploring partnerships to restore operations and compensate affected users.
Meanwhile, cybersecurity experts speculate that the notorious North Korean Lazarus Group might have been involved in this breach.
This suspicion carries particular weight given the group’s technical abilities and its sophisticated cyber-attacks on crypto exchanges and financial institutions.