Upon conducting a preliminary investigation, WazirX announced that there was no evidence to suggest that the machines of WazirX signers were compromised during the recent cyber attack on its multi-signature Ethereum wallet. Despite this, the attack that took place earlier this month has sparked concern and scrutiny within the crypto community.
Initially, the exchange attributed the hack to an issue with its custody service provider, Liminal’s user interface. However, Liminal refuted these claims in its investigation report on July 19, stating that its infrastructure was not at fault and pointing towards compromised hardware wallets as the primary cause of the breach.
WazirX emphasized that their ongoing forensic analysis has not detected any signs of malware or tampering on the devices of their signers. The attacked wallet required signatures from three WazirX signers and one from Liminal. Malicious transactions were signed using devices from different locations, accessing the legitimate Liminal website.
WazirX outlined two potential scenarios to explain the breach. The first involves a breach within Liminal’s infrastructure, where malicious transactions were received directly from Liminal due to a compromise in their system. The second scenario suggests a compromise of WazirX signers’ devices by malware, although no initial evidence supports this claim.
The exchange stressed that the malicious transactions did not originate from WazirX servers, indicating a potential breach in Liminal’s security. The hack, which occurred on July 18, resulted in the theft of approximately 45% of the crypto held by WazirX, leading to a temporary halt in operations.
Despite the breach, WazirX reassured users that their fiat currency deposits remained secure and that they are working with authorities to resume services once a viable solution is found. The exchange is also exploring partnerships to compensate affected customers.
Cybersecurity experts have speculated the involvement of the North Korean Lazarus Group in the attack, known for their sophisticated cyber attacks on financial institutions and crypto exchanges. The incident highlights the challenges of securing multi-signature wallets, particularly the risks associated with “blind signing.”
WazirX claimed to have implemented industry-standard best practices, including verifying website URLs, using reputable platforms, and employing multi-factor authentication. Despite these measures, the attack serves as a wake-up call for the crypto industry to continually improve security protocols.
The cyber attack on WazirX underscores the importance of robust cybersecurity measures in safeguarding digital assets. As the crypto landscape continues to evolve, exchanges must remain vigilant against sophisticated threats and prioritize the protection of user funds.