After forensic analysis, WazirX blames wallet provider for crypto heist

But Liminal Custody stresses its systems weren't compromised

Nearly a month after conducting a preliminary investigation into a security breach that led to a loss of $230 million at WazirX, the embattled crypto exchange on Monday claimed that a separate forensic analysis found no compromise of its IT systems and blamed its wallet service provider Liminal Custody for the cyberattack.

WazirX said the investigation was led by cybersecurity firm Mandiant Solutions, a subsidiary of tech giant Google.

“While a detailed report is forthcoming, the findings largely indicate that the issue leading to the cyberattack originated from Liminal. The wallet that was attacked was managed using Liminal’s digital asset custody and wallet infrastructure,” WazirX said in a press release.

Liminal Custody clarified that its systems were not compromised after the cyberattack was first detected.

“If one were to go by the information WazirX has shared, this actually raises serious questions on the security of their network infrastructure, operational custody controls and overall security posture, given that they were the custodians for five of the six keys,” Liminal said in a statement.

The company added that it had empanelled auditors to investigate the case.

In a post on X (formerly Twitter), Nischal Shetty, founder and chief executive officer (CEO) of WazirX, said the company was yet to “hear credible answers from Liminal”.

Shetty raised concerns on the extent of breach on Liminal’s systems while casting aspersions on the service provider regarding the involvement of an insider leading to the theft of funds.

“Why/How did Liminal’s website show us a genuine transaction that was supposed to be signed and yet send incorrect payload for signing? Why and how did their firewall end up allowing the transaction which was not to the whitelisted address? Why and how did they end up signing and approving this malicious transaction,” he asked in the post.

WazirX quoted Mandiant’s finding, stating that the cybersecurity firm “did not identify evidence of compromise on the three laptops that were used for signing transactions” at the crypto exchange.

Last month, one of WazirX’s multisig, or multisignature, wallets suffered a breach following which the company temporarily suspended most of its operations. The affected multisig wallet at the firm had six signatories: five managed by WazirX and one by Liminal Custody, a platform that services the crypto exchange’s wallets.