TheCryptoDesk

“Liminal Custody Cleared of Responsibility for $230 Million WazirX Hack, Audit Confirms”

“`html

On September 9, an independent audit conducted by Grant Thornton revealed that the staggering $230 million hack of the WazirX exchange, which took place in July 2024, did not originate from Liminal Custody’s infrastructure. This critical finding has significant implications for both entities involved in the incident.

Audit Findings Clear Liminal Custody

In a blog post released by Liminal Custody, the audit findings concluded that the breach occurred outside of its system, effectively exonerating the Singapore-based crypto custodian from any direct involvement in the exploit. This conclusion has stirred conversations among the crypto community regarding accountability and security measures post-hack.

Following the hack, an influential crypto commentator remarked on social media, “WazirX auditor says their systems are clean and they’re not at fault. Liminal auditor says their systems are clean and they’re not at fault. So did users instruct hackers to take their funds?” This statement captures the growing confusion and frustration surrounding the blame game between the two parties.

Background on the WazirX Hack

The hack that hit the Indian crypto exchange WazirX in July 2024 resulted in the theft of over $230 million in user funds. Initially, WazirX suspected that potential vulnerabilities in the interface between Liminal Custody and its transaction data could have facilitated the breach. However, the thorough audit by Grant Thornton found no evidence linking Liminal’s infrastructure to the hack.

Grant Thornton was specifically commissioned to investigate any potential involvement of Liminal Custody in the breach. After a comprehensive evaluation of both the frontend and backend systems of Liminal, the audit determined that the custodian’s systems were intact and unaffected by the breach.

Liminal Custody’s Security Measures

Liminal Custody highlighted that its multi-signature wallet model, which allows clients to control their own private keys, played a critical role in safeguarding their systems. According to their statement, all transactions initiated on their platform occur at the client’s directive, suggesting that the breach may likely have originated from the client side rather than from Liminal’s infrastructure.

Despite the audit clearing Liminal of any wrongdoing, the company emphasized that a comprehensive review of the incident is still necessary to clarify the true nature of the breach and its source. The back-and-forth blame between WazirX and Liminal underscores the complexity and urgency for clearer accountability in the crypto space.

WazirX’s Response and User Backlash

In the aftermath of the hack, WazirX proposed a controversial “socialized loss strategy,” which would allow users to recover only 55% of their lost funds while retaining 45% in Tether (USDT) tokens on behalf of the exchange. This proposal was met with significant backlash from users, who accused WazirX of shirking full responsibility for the hack.

The severe criticism ultimately led WazirX to retract its plan and instead pledge to seek alternative compensation methods for users affected by the breach. Additionally, WazirX has taken steps to enhance security by transferring assets to new multi-signature wallets in an attempt to restore trust and mitigate future risks.

Shifting Focus on WazirX’s Security Infrastructure

While the root cause of the hack remains uncertain, Grant Thornton’s audit has shifted the focus toward potential vulnerabilities in WazirX’s own systems rather than any faults found within Liminal Custody. The reliable infrastructure of Liminal, in conjunction with its multi-signature wallet requiring client authorization, significantly minimizes the likelihood of the breach stemming from their platform.

As the aftermath of the WazirX hack unfolds, stakeholders in the crypto industry are left grappling with questions around security, accountability, and the necessary measures to protect user assets from future threats.

“`

Visited 23 times, 1 visit(s) today