Upon conducting a preliminary investigation, WazirX reported that there was no evidence to suggest that the machines of WazirX signers were compromised in a recent cyber attack on its multi-signature Ethereum wallet. This attack, which took place earlier this month, raised concerns within the crypto community. Initially, the exchange attributed the hack to an issue with its custody service provider, Liminal’s user interface. However, Liminal denied responsibility in its investigation report and indicated that compromised hardware wallets were the likely source of the breach.
Forensic Analysis
WazirX’s ongoing forensic analysis has not revealed any signs of malware or tampering on the signers’ devices. The attacked wallet required signatures from three WazirX signers and one from Liminal. The transactions were signed using devices at different locations, accessing the legitimate Liminal website. Despite the stringent security measures in place, the attack involved legitimate signatures, leading to suspicions of a breach within Liminal’s system.
WazirX outlined two possible scenarios to explain the breach. The first scenario involves a breach within Liminal’s infrastructure, where malicious transactions were received directly from Liminal due to a compromise of their system. The absence of new connection requests to hardware wallets and the use of whitelisted addresses make this scenario more likely. The second scenario suggests a compromise of WazirX signers’ devices by malware, although there is no evidence to support this theory. It would also require a breach of Liminal’s firewall to obtain the final signature.
The malicious transactions did not originate from WazirX servers, pointing to a potential breach of Liminal’s security. The hack, which occurred on July 18, resulted in the theft of approximately 45% of the crypto held by WazirX, leading to a temporary halt in operations. Despite this, the exchange assured users that their fiat currency deposits remained secure. WazirX is collaborating with authorities and exploring partnerships to address the issue and resume services.
The incident underscores the challenges of securing multi-signature wallets, particularly the risks associated with blind signing, where hardware wallets do not display transaction details. WazirX had implemented industry standard practices, such as verifying website URLs, using reputable platforms, and employing multi-factor authentication. However, the breach highlighted the importance of continuous monitoring and updating security protocols to mitigate future risks.
The security breach at WazirX serves as a reminder of the ever-evolving threats in the crypto space. It emphasizes the need for constant vigilance, collaboration with experts, and the implementation of robust security measures to protect users’ assets in an increasingly digital world.
Leave a Reply