WazirX Clears Security Concerns After $230 Million Cyberattack, Investigation Shows No Internal Compromise
In the aftermath of a $230 million cyberattack, WazirX, one of India’s leading cryptocurrency exchanges, has confidently declared that its systems and laptops were not breached. This announcement follows an in-depth forensic investigation led by Mandiant Solutions, a subsidiary of Google. The investigation’s findings suggest that the vulnerability likely originated from Liminal, WazirX’s former infrastructure and custody partner.
WazirX Exonerated in Forensic Examination
Last month, WazirX suffered a significant security breach that resulted in the loss of nearly 45% of its assets. The attack targeted a multisig wallet—a sophisticated crypto wallet requiring multiple private keys for transaction approvals. This particular wallet was secured by six signatories: five from WazirX and one from Liminal.
WazirX clarified that “All transactions from the multisig wallet required approval from three members of WazirX, followed by final authorization from Liminal.” Despite this, Mandiant Solutions’ forensic report revealed, “No evidence of compromise was found on the three laptops used for signing transactions.”
These findings have shifted the blame away from internal failures at WazirX, pointing instead to a potential security lapse at Liminal. WazirX stated, “The findings largely indicate that the issue leading to the cyberattack originated from Liminal,” according to a report by MoneyControl.
WazirX’s Response and Recovery Efforts
WazirX has expressed complete confidence in the forensic investigation and pledged full cooperation with the ongoing investigation. A spokesperson for the exchange stated, “We have full faith in the investigating agency and will cooperate fully. We are actively working on recovering the stolen funds and are hopeful that those responsible will be brought to justice.”
In response to the breach, WazirX has launched several recovery initiatives. Among them is a Bounty Program, offering rewards of up to $10,000 worth of USDT. Additionally, the platform has sought user feedback through a poll to guide its next steps.
The exchange is also seeking support from industry rivals and peers, exploring possibilities including a potential buyout. Notably, WazirX had previously approached Binance, which had once managed a significant portion of its revenue and held WRX tokens valued at $80 million.
Latest Developments
To further address the breach, WazirX has engaged with the Financial Intelligence Unit of India (FIU) and the Indian Computer Emergency Response Team (CERT). Initially, the exchange proposed a “55/45 approach” to mitigate customer losses, allowing users to trade 55% of their tokens while converting the remaining 45% into USDT, which would be locked until the funds were recovered. However, this proposal was met with substantial customer opposition and was eventually abandoned.
In light of the hack, Liminal has been removed as a custody partner for WazirX. The exchange has also completed the restoration of balances by reversing all trades that occurred between July 18 and July 21, during which unauthorized transactions were not successfully blocked.