Synopsis
Liminal Custody announced that an independent audit by Grant Thornton cleared them of involvement in the $230 million cyberattack on July 18, 2024. The audit found no vulnerabilities within Liminal’s systems, suggesting the breach likely stemmed from WazirX’s end.
Liminal Custody stated on Monday, September 9, that an independent audit conducted by Grant Thornton has cleared them of any involvement in the $230 million cyberattack that occurred on July 18, 2024. According to Liminal Custody, the breach of the multi-signature (multi-sig) wallet was most likely due to vulnerabilities at WazirX’s end, not their own.
Grant Thornton’s audit clears Liminal Custody
Liminal Custody engaged Grant Thornton, a leading global audit firm, to conduct a thorough investigation into the incident. Grant Thornton’s audit confirmed that the breach likely originated from outside Liminal’s infrastructure. The audit found no evidence of compromise within Liminal’s frontend, backend, or User Interface (UI).
“Our preliminary reports identified a discrepancy between the data payloads created by our system and those received from the client’s system. This discrepancy indicated a potential compromise either at the client’s end or within our frontend systems,” said Liminal Custody. “However, our independent review by Grant Thornton has confirmed that Liminal’s systems remain secure, and the breach likely occurred elsewhere.”
Crypto TrackerTOP COIN SETSDeFi Tracker-0.06% BuyWeb3 Tracker-0.86% BuyNFT & Metaverse Tracker-4.26% BuySmart Contract Tracker-5.54% BuyCrypto Blue Chip – 5-6.91% BuyTOP COINS (₹) Bitcoin4,627,915 (1.19%)BuyEthereum193,709 (0.65%)BuyBNB42,291 (0.56%)BuyTether84 (-0.1%)BuySolana10,839 (-0.55%)Buy
Security of Liminal’s self-custody wallet
Did you Know?
The world of cryptocurrencies is very dynamic. Prices can go up or down in a matter of seconds. Thus, having reliable answers to such questions is crucial for investors.
View Details »
Liminal Custody emphasised that their self-custody wallet infrastructure, where the majority of private keys are held by clients, ensures that transactions are initiated solely from the client’s end. “Liminal cannot initiate transactions; they always originate at our client’s end first,” Liminal explained.
Background: WazirX’s audit findings
In a related development, WazirX had earlier engaged Mandiant Solutions, a Google subsidiary, to conduct a forensic analysis of the cyberattack. WazirX reported that their laptops used for signing transactions were not compromised, according to Mandiant’s preliminary report dated August 14. However, the full report is still pending, and WazirX has suggested that the issue might have originated from Liminal Custody.
The breach involved a multi-sig wallet with six signatories—five from WazirX and one from Liminal Custody. The incident resulted in WazirX losing nearly 45% of its holding assets.
In response to WazirX’s claims, Liminal Custody had raised concerns about the scope and methodology of WazirX’s audit. They argue that the security of WazirX’s network infrastructure and custody controls should be questioned, given their role in managing five of the six keys.
Tensions between Liminal Custody and WazirX
The dispute between Liminal Custody and WazirX has intensified since the cyberattack. WazirX accused Liminal Custody of failing to secure the multi-sig wallet, leading to the substantial asset loss. In turn, Liminal Custody maintains that their systems were secure and that the breach likely stemmed from vulnerabilities on WazirX’s side.
As both companies continue to navigate the fallout from the attack, tensions remain high, highlighting ongoing concerns about security and accountability within the cryptocurrency industry.
(Disclaimer: Recommendations, suggestions, views and opinions given by the experts are their own. These do not represent the views of Economic Times)