- WazirX claims Mandiant’s forensic report found no compromise in its IT systems during the $230 million breach.
- Liminal Custody denies responsibility for the breach, questioning WazirX’s security controls as the custodian of most keys.
- WazirX and Liminal Custody’s ongoing investigation focuses on the compromised multisig wallet and security measures.
Nearly a month after the $230 million security breach, WazirX has refuted claims that their IT systems were compromised. According to a forensic investigation led by cybersecurity firm Mandiant Solutions, a subsidiary of Google, the crypto exchange maintains that its laptops used to sign transactions remained secure. Instead, WazirX attributes the breach to its wallet service provider, Liminal Custody, challenging the initial narrative surrounding the incident.
Mandiant’s Forensic Report Points to Liminal Custody
WazirX revealed the findings from Mandiant’s forensic report, asserting that the breach originated from Liminal’s digital asset custody and wallet infrastructure. The investigation highlights that the compromised wallet was managed by Liminal’s platform, not by WazirX’s internal systems. WazirX was quick to highlight that the preliminary investigation had not found any evidence of compromised IT systems within their operations.
However, Liminal Custody has denied these claims, stating that their systems were not compromised. The company has argued that the report shared by WazirX raises concerns about the security of WazirX’s network infrastructure, operational custody controls, and overall security posture, given that WazirX managed five out of the six keys to the affected multisig wallet.
Liminal Custody to Release Their Forensic Analysis
In response to WazirX’s statements, Liminal Custody announced that they will soon release their forensic report. The company emphasized the need to investigate further, particularly since WazirX had control over the majority of the keys in the compromised multisig wallet. Liminal’s upcoming report aims to shed more light on the security measures and operational controls at WazirX.
Nischal Shetty, CEO of WazirX, took to X (formerly Twitter) to voice his concerns, stating that the company has yet to receive credible answers from Liminal regarding the incident. WazirX remains firm in its stance that the breach stemmed from Liminal’s infrastructure, not its own.
Security Concerns Heightened as Investigations Continue
The breach led WazirX to temporarily suspend most of its operations while investigations continued. The affected multisig wallet, which required multiple private keys to unlock and withdraw funds, had six signatories. Notably, five of these keys were managed by WazirX, while one was under Liminal Custody’s control.
As both companies await the final forensic reports, the security breach at WazirX continues to spark concerns over the integrity of crypto exchanges and their third-party service providers. The ongoing investigation aims to clarify the circumstances that led to the breach, with the spotlight now on both WazirX and Liminal Custody’s security practices.
DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
