WazirX conducted a preliminary investigation and found no evidence to suggest that the machines of WazirX signers were compromised during the recent cyber attack on its multi-signature Ethereum wallet. This attack, which occurred earlier this month, has raised concerns within the crypto community. Despite initial speculation that the hack was due to an issue with their custody service provider, Liminal, it was later revealed that compromised hardware wallets may have been the cause of the breach.
WazirX emphasized that its ongoing forensic analysis did not uncover any signs of malware or tampering on its signers’ devices. The attacked wallet required the signatures of three WazirX signers and one from Liminal, the custody service provider. The malicious transactions were signed using devices at different locations, with each device accessing the legitimate Liminal website. Surprisingly, the hardware wallets did not detect any new connection requests, indicating that the website used was authentic.
Potential Breach Scenarios
The exchange outlined two possible scenarios that could explain the breach. The first scenario involves a breach within Liminal’s infrastructure, where malicious transactions were received directly from Liminal due to a potential compromise of their system. The absence of new connection requests to hardware wallets and the use of whitelisted addresses make this scenario more likely at the moment. The second scenario involves the compromise of WazirX signers’ devices by malware, which would require a breach of Liminal’s firewall to obtain the final signature.
Response to the Attack
Despite the rigorous security measures in place, the exchange believes that the legitimate signatures used in the attack point to a potential breach within Liminal’s system. The hack, which occurred on July 18, led to the theft of approximately 45% of the crypto held by WazirX, causing it to halt operations temporarily. However, the exchange assured users that their fiat currency deposits remained safe. WazirX is working with relevant authorities to resume services and is exploring possible partnerships to compensate affected customers.
Cybersecurity experts have suggested the involvement of the infamous North Korean Lazarus Group in the attack. This group is known for its advanced cyber attacks on financial institutions and crypto exchanges. The incident underscores the challenges of securing multi-signature wallets, especially the risks associated with “blind signing,” where hardware wallets do not display transaction details. WazirX stated that it had implemented industry-standard best practices, including verifying website URLs and using reputable platforms with multi-factor authentication.
The recent cyber attack on WazirX’s multi-signature Ethereum wallet has shed light on the vulnerabilities within the cryptocurrency industry. Despite the exchange’s efforts to maintain robust security measures, the breach serves as a reminder of the evolving threats faced by crypto exchanges and the importance of continual vigilance in safeguarding digital assets.