Weeks after WazirX, a cryptocurrency exchange was targeted by a cyber attack resulting in the theft of digital assets exceeding $230 million from one of their Multisig wallets, Mandiant Solutions, a cyber security firm and a Google subsidiary gave WazirX a clean chit.
As part of Mandiant Solutions’ investigation, one of their tasks was to determine if any of the three laptops used by WazirX team member for performing transactions had been compromised.
In its report published on August 14th, Mandiant stated, “We did not identify evidence of compromise on the three laptops that were used for signing transactions.”
Wazirx noted in its post dated August 19th , “While a detailed report is forthcoming, the findings largely indicate that the issue leading to the cyberattack originated from Liminal. The wallet that was attacked was managed using Liminal’s digital asset custody and wallet infrastructure.”
A spokesperson for WazirX said, “We have full faith in the investigating agency and shall cooperate with them to the fullest extent. We are actively working on recovering the stolen funds and are hopeful that those responsible will be brought to justice.”
Liminal custody explains stance
Given that Liminal Custody is a regulated crypto custodian in the UAE having acquired the Financial Services Permission (FSP) from the Abu Dhabi Global Market (ADGM) Financial Services Regulatory Authority (FSRA) and is currently seeking a license from Dubai through VARA, Lara on the Block asked Liminal for their feedback on the WazirX incident.
Liminal Custody statement (provided via email) stated, “It is pertinent to note that the client in question is using our self-custody wallet infrastructure software and not any custody service, regulated or otherwise. It is also important to understand that this incident occurred in India and is unrelated to the UAE, managed custody, regulated custody, or ADGM.”
Liminal Custody goes on to note, “In the self-custodial wallet service, they are the custodians of the assets as they have complete access to all the wallets and funds at all times. Furthermore, they are the sole initiators of all transactions on their wallets and also have recovery kits and backup kits to gain complete access to their wallets in the event that Liminal were to not exist for any reason. This is a standard and default feature of all self-custodial wallet infrastructure products.”
Liminal has also just provided Lara on the Block with an updated statement on WazirX post on August 19. Liminal Custody states, “We cannot comment on the statement put out by WazirX, due to the lack of any information on the scope and methodology of the audit they have conducted. Having said that, if one were to go by the information they’ve shared, this actually raises serious questions on the security of their network infrastructure, operational custody controls and overall security posture, given that they were the custodians for 5 of the 6 keys.”
Liminal adds, “As far as our front-end and UI is concerned, our preliminary audit reports categorically indicate no breach in our front-end or UI. Please note that we have empaneled more than one reputed independent auditors to conduct forensic analysis and our detailed reports are expected to arrive within this week. We are confident that the Liminal front-end and UI were not compromised and the report and findings will be shared as soon as they are made available to us. It is unfortunate that this is being made out into a Liminal vs WazirX social media battle while so many users continue to suffer. In the interest of absolute transparency at our end, we have empaneled more than one reputed auditor and are open to empaneling additional auditors, including the likes of Mandiant to conduct the UI audit as well.”
Liminal Custody in MENA
With regards to their operations in the MENA, Liminal Custody states, “ In the MENA region, we provide regulated custody services where Liminal holds all the private keys and leverages its expertise to provide robust security and compliance with international security certifications, including CCSS Level-3 QSP, ISO 27001 & 27701, and others, which underscore our unwavering commitment to security.”
Finally in their statement to Lara on the Block Liminal Custody states, “ We unequivocally state that Liminal’s platform, infrastructure, wallets, and assets remain completely secure and both our platforms continue to process transactions and withdrawals seamlessly.”
Liminal Custody is doing its own investigation
In July 2024, Liminal published a statement staring that the recent security breach suffered by WazirX, underscores the urgent need for robust security measures and investor protection across the industry. This wallet, independently created and subsequently imported onto the Liminal platform, was compromised on July 18. Our preliminary investigation points to a customer level compromise via a sophisticated intrusion. They had stated that Liminal’s platform, infrastructure, wallets, and assets remain completely secure.
Liminal had announced its engagement of independent CERT-certified, third-party experts to conduct thorough forensic audits which will be backed by published reports while engaging with relevant authorities.
However soon after this statement WazirX accused Liminal Custody of failing to secure the multisig wallet, and WazirX ended its Custody Relationship With Liminal moving funds To New Multisig Wallets.
The blaming game is not important getting back users money is
Whoever is to blame, on X, Top Asian Crypto influencer, WISE ADVICE expresses what’s on the mind of everyone. He notes, “It’s been more than a month since WazirX got hacked, Still, nobody is taking responsibility for the hack. Earlier, Liminal blamed WazirX for this hack. Now WazirX is blaming Liminal for this hack. But that’s not the main question; the main question is when users are going to get their money back.”
