Topics:
Suraj Manohar considers the following as important: Crime, Exchange News, News
WazirX issued a report on Thursday with new revelations about the $235 million hack, stating that all indicators point to the custody service provider it relies on, Liminal Custody. According to the report, the custodian may have suffered a security breach, causing it to approve a transaction to a fraudulent wallet address. Nothing seemed suspicious at the surface level.
“In this cyber attack, the malicious transactions involved signatures from three WazirX signers and one from Liminal, confirming the use of Liminal’s infrastructure,” the report read. Liminal’s MPC (multi-party computation) wallet comprises one key controlled by it, which must sign transactions for them to occur. This feature ensures the custodian keeps an eye out for illicit transaction requests, only signing transactions to whitelisted wallets that fall within pre-approved amounts.
However, it seems Liminal’s interface experienced a hack, as the attacker manipulated the wallet address displayed. So, all WazirX key holders, three of whom signed this transaction, and Liminal’s key holder saw a whitelisted address when, in fact, the transfer happened to a completely different one belonging to the hacker.
Moreover, the HSMs (hardware security modules), commonly called hardware wallets, used to sign these transactions do not display the receiver’s address. That means the hacker’s attempt at manipulating Liminal’s interface was the only thing needed.
“In Ethereum, when signing an ERC20 transaction, the hardware device involved in signing does not display the token or the destination address. This blind signing is a standard procedure for anyone using such a multisig wallet on Ethereum.”
The exchange elaborated, “To ensure that the WazirX signers knew what they were signing, they relied on the transfer details displayed on the Liminal website, which shows the token being signed and the destination address.”
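The blind-signing gap described above can be narrowed by decoding the bytes that will actually be signed, independently of the web interface. The following is an added example, not code from WazirX's report or from Liminal: it parses ERC-20 `transfer(address,uint256)` calldata and compares it with the displayed recipient, a whitelist and an amount limit. The allowlist, the limit, the helper names and the sample payloads are constructed for illustration; any payload that is not a well-formed transfer is rejected.

```python
# Added example: signer-side check of ERC-20 calldata before signing.
# ALLOWLIST, MAX_AMOUNT and all sample payloads are constructed values.
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # transfer(address,uint256)
ALLOWLIST = {"0x" + "11" * 20}                 # constructed whitelisted recipient
MAX_AMOUNT = 1_000 * 10**18                    # constructed limit (18-decimal token)


def decode_transfer(calldata: bytes):
    """Return (recipient, amount); raise ValueError if not a well-formed transfer."""
    if len(calldata) != 4 + 32 + 32:
        raise ValueError("unexpected calldata length")
    if calldata[:4] != TRANSFER_SELECTOR:
        raise ValueError("not an ERC-20 transfer: selector 0x" + calldata[:4].hex())
    addr_word, amount_word = calldata[4:36], calldata[36:68]
    if any(addr_word[:12]):  # an address occupies only the low 20 bytes of its word
        raise ValueError("non-zero padding in address word")
    return "0x" + addr_word[12:].hex(), int.from_bytes(amount_word, "big")


def check_before_signing(calldata_hex: str, displayed_recipient: str):
    """Compare what the UI displayed with what the payload to be signed encodes."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    try:
        recipient, amount = decode_transfer(bytes.fromhex(raw))
    except ValueError as exc:
        return False, str(exc)
    if recipient != displayed_recipient.lower():
        return False, f"UI shows {displayed_recipient}, payload pays {recipient}"
    if recipient not in ALLOWLIST:
        return False, f"{recipient} is not whitelisted"
    if amount > MAX_AMOUNT:
        return False, "amount exceeds pre-approved limit"
    return True, "ok"


def build_transfer(recipient: str, amount: int) -> str:
    """Build sample transfer calldata (hex) for the demonstration below."""
    return (TRANSFER_SELECTOR + bytes(12) + bytes.fromhex(recipient[2:])
            + amount.to_bytes(32, "big")).hex()


if __name__ == "__main__":
    shown, other = "0x" + "11" * 20, "0x" + "22" * 20
    print(check_before_signing(build_transfer(shown, 5 * 10**18), shown))
    print(check_before_signing(build_transfer(other, 5 * 10**18), shown))
    print(check_before_signing("deadbeef" + "00" * 64, shown))  # not a transfer
```

The check is only useful if it runs on a device or host that does not share the interface whose display is in question.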
Furthermore, WazirX brought a concerning fact to light. “The malicious transaction which got signed, upgraded the contract to transfer the control to the attacker.” It claimed that it received “representation” from Liminal stating otherwise.
Liminal previously claimed that the hack did not occur due to breaches at its end. It has yet to respond to these new developments.