Key Points
- WazirX is ending its relationship with Liminal Custody after a $230 million security breach.
- The Indian cryptocurrency exchange is transitioning its assets to new multi-signature wallets to enhance security.
WazirX, a cryptocurrency exchange based in India, has decided to end its partnership with Liminal Custody. This decision comes after a major security breach in July, which saw the theft of approximately $230 million. This amount represents nearly half of the total funds held by the exchange’s customers.
In an effort to improve security and prevent future incidents, WazirX has announced that it is transferring its assets from Liminal to new multi-signature wallets. Despite the security of its internal systems, the breach was linked to issues with Liminal’s custody services. The move to new wallets is a precautionary measure to ensure maximum protection for user assets following the July 18th incident.
Transparency and User Reactions
Once the migration is complete, WazirX plans to disclose a list of the new wallets to increase transparency for its users. The exchange has also provided a method for users to track all blockchain transactions related to the hack, enabling them to monitor the status of their funds.
Liminal Custody, in a comprehensive post-mortem of the hack, stated that the fault did not lie with their systems. Instead, it was a compromise of WazirX’s own devices. The multi-signature wallet system used by WazirX consisted of six signatories, including Liminal and members of the WazirX team. For the attack to be successful, the attacker only needed to compromise three of these signatories.
The incident involved an attacker initiating a valid transaction from WazirX’s devices. Liminal’s server provided a “safeTxHash” to confirm this transaction. However, the attacker replaced this hash with an invalid one, resulting in the transaction’s failure. Using signatures from other transactions, the attacker was able to approve a new transaction, which was successfully processed on the Ethereum network.
Restoring User Balances
Following the breach, WazirX faced criticism from users due to delays in fund withdrawals and perceived lack of transparency. The exchange’s co-founder has asked for patience as they work to resolve these issues and enhance security.
WazirX has recently stated that it is in the process of restoring user balances. The exchange will use transaction records from the time of the hack to determine which users are eligible for reimbursement. To ensure a secure transfer of assets, trading and withdrawal functions have been temporarily suspended.
In addition to restoring balances, WazirX is implementing extra security measures to prevent future breaches. The exchange’s commitment to transparency and robust user protection practices will be critical in restoring confidence and creating a safer trading environment.