BENGALURU: Singapore-headquartered Liminal Custody, which is an estranged security partner of WazirX, on Monday claimed that as per the audit findings, the breach might have occurred from the crypto exchange side.
A cyberattack on WazirX recently led to the theft of about Rs 2,000 crore worth of funds.
Liminal said audit and forensics company Grant Thornton has conducted a comprehensive review including the front end, user interface (UI) and backend of its infrastructure, which concluded that there was no evidence that the attack originated on its web application.
"In the wake of the security incident on July 18, 2024 involving one of our Singapore customers, our Singapore entity has been conducting extensive reviews to thoroughly investigate the matter. Our two-pronged approach involved in-house examinations as well as engaging renowned, independent third-party auditors to conduct comprehensive reviews of our infrastructure," it said.
Pointing out its key findings, Liminal said preliminary reports identified a mismatch between the data shared by Liminal and the payload received from the client's systems. "This indicated two potential possibilities: a potential compromise either at the client's end or within our frontend systems... We now have multiple reviews which conclude that Liminal's frontend, backend and user interface (UI) are found with no evidence of any compromise or vulnerabilities related to the transaction workflow."
It said all transactions originate at its client's end first. But WazirX had blamed Liminal Custody. Google subsidiary Mandiant Solutions was hired by WazirX for a forensic analysis, which provided a clean chit to the crypto exchange recently.