Bengaluru: Google subsidiary Mandiant Solutions, which was hired by WazirX for a forensic analysis, provided a clean chit to the crypto exchange. In its report, the cybersecurity firm said, "We did not identify evidence of compromise on the three laptops that were used for signing transactions." This comes weeks after the crypto exchange was targeted by a cyberattack resulting in the theft of digital assets exceeding Rs 2,000 crore from one of its multisig wallets.
As part of this investigation, one of Mandiant's tasks was to determine whether any of the three laptops used by WazirX team members for performing transactions had been compromised, WazirX said in a blog post on Monday.
While a detailed report is forthcoming, the findings largely indicate that the issue leading to the cyberattack originated from Liminal. The wallet that was attacked was managed using Liminal’s digital asset custody and wallet infrastructure.
A spokesperson for WazirX said, "We have full faith in the investigating agency and shall cooperate with them to the fullest extent. We are actively working on recovering the stolen funds and are hopeful that those responsible will be brought to justice."
Meanwhile, digital assets security firm Liminal Custody questioned the scope and methodology of the audit that this agency has conducted. "If one were to go by the information they’ve shared, this actually raises serious questions on the security of their network infrastructure, operational custody controls and overall security posture, given that they were the custodians for 5 of the 6 keys," Liminal Custody said in a statement.
It said, "As far as our front-end and UI is concerned, our preliminary audit reports categorically indicate no breach in our front-end or UI." Liminal said it has empanelled more than one reputed independent auditor to conduct forensic analysis and that its detailed reports are expected to arrive within this week.
"We are confident that the Liminal front-end and UI were not compromised. It is unfortunate that this is being made out into a Liminal vs WazirX social media battle while so many users continue to suffer. In the interest of absolute transparency at our end, we have empanelled more than one reputed auditors and are open to empanelling additional auditors, including the likes of Mandiant, to conduct the UI audit as well," it added in the statement.
Last week, the crypto exchange said it is ending its custody arrangement with Liminal Custody. "We are in the process of migrating the remaining assets held with Liminal to new multisig wallets. This step is essential to ensure maximum security of the assets in light of recent events. While we believe our interface and systems remain uncompromised, the same cannot be said for the custodian's interface post the July 18th incident, prompting this precaution," it said on X.
Earlier this month, WazirX had filed an FIR with the Delhi Special Cell stating that the crypto exchange was using Liminal's digital asset wallet management software for conducting transactions and that no transaction would get executed without the final authorisation and approval of Liminal.
The complaint stated that the multisig wallets had six signatories, of whom five were from WazirX and one was from Liminal. All transactions from the multisig wallet required approval from three members of WazirX, followed by the final authorisation from Liminal. In the regular course of business, the complaint stated, WazirX would transfer crypto assets from its multisig wallet to its hot wallet to process customer withdrawals.
All the addresses where the transactions took place were whitelisted by Liminal in advance, and only those wallets were eligible to receive and send the crypto funds. On July 18, when members of WazirX were trying to perform certain transactions, they came across 'error' messages on the Liminal platform.
Subsequently, a particular Liminal wallet was completely drained without any authorisation from WazirX, and large funds were transferred to unauthorised addresses. Later investigations revealed that hackers had stolen funds to the tune of $234 million kept in Liminal's custody. Apart from filing the FIR and appointing forensic auditors to get to the root cause of the cyberattack, WazirX has also reported the incident to the Financial Intelligence Unit (FIU) India and CERT-In.