WazirX, the India-based crypto exchange that recently suffered a hack, has announced that its preliminary investigation found no evidence of compromised devices belonging to WazirX signers. In a blog post published on July 25, the exchange stated that its forensic analysis did not uncover any signs of malware or tampering on the devices that were used to sign the malicious transactions.
Initially, WazirX had blamed its custody service provider, Liminal, for the hack, citing an issue with Liminal’s user interface. However, Liminal released an investigation report on July 19, stating that its infrastructure was not responsible and that compromised hardware wallets were the likely cause.
WazirX’s investigation revealed that the attack involved legitimate signatures from both WazirX and Liminal signers. This led the exchange to believe that there may have been a breach within Liminal’s system. The exchange outlined two possible scenarios to explain the attack: a breach within Liminal’s infrastructure or a compromise of WazirX signers’ devices. However, no preliminary evidence has been found to support the latter scenario.
The hack, which occurred on July 18, resulted in the theft of approximately 45% of the crypto held by WazirX. The exchange has assured users that their fiat currency deposits remain safe. WazirX is currently working with relevant authorities and exploring possible partnerships to compensate affected customers.
Cybersecurity experts have suggested that the notorious North Korean Lazarus Group may be behind the attack. This group is known for its advanced cyber attacks on financial institutions and crypto exchanges.
The incident highlights the challenges of securing multi-signature wallets, particularly the risks associated with “blind signing,” where transaction details are not displayed on hardware wallets. WazirX stated that it had implemented industry-standard best practices to enhance security.
