Upon initial investigation, WazirX has stated that there is no evidence to suggest that their signers’ machines were compromised during the recent cyber attack on its multi-signature Ethereum wallet. This attack, which took place earlier this month, has brought about a great deal of concern and scrutiny within the cryptocurrency community. The exchange initially placed blame on their custody service provider, Liminal, citing issues with their user interface as the cause of the hack. However, Liminal has refuted these claims in their July 19 investigation report, stating that their infrastructure was not at fault and pointing towards compromised hardware wallets as the likely source of the breach.
WazirX has stressed that their ongoing forensic analysis has not revealed any signs of malware or tampering on the signers’ devices. The wallet that was targeted in the attack required signatures from three WazirX signers and one from Liminal. The malicious transactions were signed using devices at different locations, all accessing the legitimate Liminal website, which has raised questions about the authenticity of the site. According to WazirX, the fact that the attack involved legitimate signatures despite the robust security measures in place suggests a potential breach within Liminal’s system.
WazirX has outlined two possible scenarios to explain the breach. The first scenario involves a breach within Liminal’s infrastructure, where malicious transactions were received directly from Liminal due to a compromise of their system. This scenario is currently considered more likely due to the absence of new connection requests to hardware wallets and the use of whitelisted addresses. The second scenario involves the compromise of WazirX signers’ devices by malware, but no concrete evidence has been found to support this theory. This scenario would also require a breach of Liminal’s firewall in order to obtain the final signature.
The cyber attack on WazirX, which occurred on July 18, resulted in the theft of approximately 45% of the crypto it held, leading to the suspension of operations. However, the exchange has assured users that their fiat currency deposits remain secure. WazirX is currently collaborating with relevant authorities and exploring potential partnerships to reimburse users affected by the hack. Cybersecurity experts have speculated that the North Korean Lazarus Group, known for its sophisticated attacks on financial institutions and crypto exchanges, may be involved in the incident.
This incident underscores the evolving challenges of securing multi-signature wallets, particularly the risks of “blind signing.” Blind signing occurs when hardware wallets do not display transaction details, making it difficult to detect fraudulent activity. Despite following industry-standard best practices such as verifying website URLs, using reputable platforms, and implementing multi-factor authentication, WazirX fell victim to this attack, highlighting the importance of constant vigilance in the cryptocurrency landscape.
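The check that blind signing skips can be sketched as follows. This is an added example, not code from WazirX or Liminal: it decodes the raw calldata a signer is asked to approve and compares it with what the interface displays and with a whitelist. It assumes the payload is a plain ERC-20 `transfer(address,uint256)` call; the function names and addresses are hypothetical and constructed for illustration.

```python
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # ERC-20 transfer(address,uint256)

def decode_erc20_transfer(calldata_hex):
    """Return (recipient, amount), or None if this is not a well-formed transfer."""
    try:
        data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    except ValueError:
        return None
    if len(data) != 4 + 32 + 32 or data[:4] != TRANSFER_SELECTOR:
        return None
    if any(data[4:16]):  # address word must be left-padded with 12 zero bytes
        return None
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:68], "big")

def presign_findings(calldata_hex, shown_to, shown_amount, whitelist):
    """Compare the bytes to be signed with what the UI displayed; [] means consistent."""
    decoded = decode_erc20_transfer(calldata_hex)
    if decoded is None:
        # Nothing meaningful can be shown to the signer: approving is blind signing.
        return ["payload is not a decodable ERC-20 transfer; refuse to sign blind"]
    recipient, amount = decoded
    findings = []
    if recipient != shown_to.lower():
        findings.append(f"recipient in payload {recipient} differs from displayed {shown_to}")
    if amount != shown_amount:
        findings.append(f"amount in payload {amount} differs from displayed {shown_amount}")
    if recipient not in {a.lower() for a in whitelist}:
        findings.append(f"recipient {recipient} is not whitelisted")
    return findings

def build_transfer(to, amount):
    """Build sample calldata (constructed test input, not captured traffic)."""
    raw = TRANSFER_SELECTOR + bytes(12) + bytes.fromhex(to[2:]) + amount.to_bytes(32, "big")
    return "0x" + raw.hex()

# Constructed addresses, not real accounts.
SHOWN_TO = "0x" + "11" * 20   # what the interface displays
OTHER = "0x" + "99" * 20      # a different address hidden in the payload
WHITELIST = {SHOWN_TO}

if __name__ == "__main__":
    cases = {
        "consistent": build_transfer(SHOWN_TO, 5000),
        "swapped recipient": build_transfer(OTHER, 5000),
        "undecodable": "0x" + "deadbeef" + "00" * 64,
    }
    for label, payload in cases.items():
        print(label, "->", presign_findings(payload, SHOWN_TO, 5000, WHITELIST) or "OK")
```

The comparison only helps if it runs on a device or path that is independent of the interface whose display is being checked.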
The WazirX cyber attack incident serves as a stark reminder of the ever-present threat of cyber attacks in the cryptocurrency industry. It underscores the importance of robust security measures and ongoing monitoring to safeguard digital assets and protect users from malicious actors. As the industry continues to evolve, it is imperative for exchanges and service providers to stay ahead of emerging threats and prioritize the security of their platforms and users.