Summarize

Simplifying... Inshort

Liminal Custody, a digital asset firm, denies involvement in a $230 million hack, pointing the finger at crypto exchange WazirX instead.
An audit by Grant Thornton found no evidence of a breach within Liminal's systems, while Liminal questioned the thoroughness of WazirX's own audit.
The ongoing dispute highlights wider issues of security and accountability in the cryptocurrency industry.

Was a long read? Making it simpler...

Next Article

No security flaws found within Liminal's systems

Liminal Custody denies role in $230 million hack, blames WazirX

By Akash Pandey

Sep 09, 2024

06:56 pm

What's the story

Liminal Custody, a digital asset custodian, has refuted allegations of its involvement in the $230 million cyberattack that took place on July 18, 2024. The company commissioned an independent audit by Grant Thornton, which found no security flaws within Liminal's systems. Liminal has suggested that the breach may have originated from WazirX's end.

Audit findings

Grant Thornton's audit clears Liminal

The audit conducted by Grant Thornton, a leading global audit firm, confirmed that the breach likely originated externally and not from within Liminal's infrastructure. It found no evidence of compromise in Liminal's frontend, backend, or the User Interface (UI). "Our preliminary reports identified a discrepancy between the data payloads created by our system and those received from the client's system," stated Liminal Custody.

Security assurance

Liminal Custody's wallet infrastructure remains secure

Liminal Custody emphasized the security of its self-custody wallet infrastructure, where most private keys are held by clients. The company stated that transactions can only be initiated from the client's end, not by Liminal itself. This assertion further supports their claim that the breach likely occurred elsewhere and not within their systems.

Audit dispute

WazirX's audit findings and Liminal's response

In response to the cyberattack, WazirX had also commissioned a forensic analysis by Mandiant Solutions, a Google subsidiary. The preliminary report from Mandiant suggested that the laptops used for signing transactions were not compromised. However, Liminal Custody questioned the scope and methodology of WazirX's audit, arguing that the security of WazirX's network infrastructure and custody controls should be scrutinized, due to their role in managing five out of six keys involved in the breach.

Ongoing dispute

Escalating tensions between Liminal and WazirX

The dispute between Liminal Custody and WazirX has escalated since the cyberattack. WazirX accused Liminal Custody of failing to secure the multi-sig wallet, leading to a significant asset loss. Meanwhile, Liminal Custody maintains that their systems were secure, and that the breach likely stemmed from vulnerabilities on WazirX's side. This ongoing disagreement underscores broader concerns about security and accountability within the cryptocurrency industry.