📣 WazirX Discloses Hacking Investigation Details
posted 25 Jul 2024
The exchange asserts that its computers showed no signs of compromise during the recent incident, pointing to the breach of its custodian, Liminal Custody, as the main factor.
Liminal Custody initially denied any security problems, but WazirX maintains that the hackers exploited Liminal's infrastructure for their fraudulent transfers.
WazirX proposed two scenarios for the incident: the hackers accessed the funds either by breaching Liminal's infrastructure alone or by compromising both Liminal and WazirX. The team leans towards the first scenario but insists that Liminal's infrastructure was compromised in any case.
The exchange also provided several points supporting the custodian breach theory:
- No new connections to hardware wallets were identified.
- The malicious request originated from a whitelisted address.
- Token names and destination addresses matched expectations within Liminal's interface.
Additional details indicate that during the attack, the hacker altered a smart contract's code and took control of it, despite Liminal's interface supposedly preventing this. The exchange also debunked claims that some fraudulent transactions were signed before the attack. The hacker had prepared the necessary smart contracts by July 10 but did not interact with WazirX until July 18.
WazirX is calling on developers and security experts to engage in discussions about the incident and provide recommendations to prevent similar breaches in the future.