Liminal says infrastructure was not responsible for WazirX hack, blames compromised devices

Liminal says infrastructure was not responsible for WazirX hack, blames compromised devices
фото показано с : cryptoslate.com

2024-7-21 00:30

Multiparty computation (MPC) wallet provider Liminal said its infrastructure remains safe and was not compromised in the recent hack of India-based crypto exchange WazirX.

The firm made the statement in its post-mortem report on July 19. The report attributes the breach to compromised devices within WazirX’s network, clarifying that Liminal’s user interface (UI) was not responsible.

The exchange had earlier stated that the attack occurred due to a discrepancy between the data displayed on Liminal’s interface and the actual contents of the transactions. WazirX said its private keys were secured with hardware wallets.

Liminal’s post-mortem

According to Liminal, the July 18 breach, which resulted in an estimated $235 million loss, occurred because three of WazirX’s devices were compromised.

Liminal explained that its multi-signature wallet system was configured to provide a fourth signature if three valid signatures were received from WazirX. This setup allowed the attacker to exploit the compromised devices.

Liminal’s report detailed that the attack began when one of WazirX’s compromised devices initiated a legitimate transaction involving Gala Games tokens (GALA). Liminal’s server verified the transaction’s validity by issuing a “safeTxHash.” However, the attacker replaced this hash with an invalid one, causing the transaction to fail.

According to the firm:

“The fact that the attacker could alter the hash suggests that WazirX’s device was compromised before the transaction attempt.”

The report explained that the compromised devices at WazirX provided legitimate transaction details, which the attacker manipulated. In each of the three initial transactions, the attacker used different WazirX admin accounts, leading to transaction failures due to signature mismatches.

The attacker then extracted the signatures from these failed transactions to initiate a new, fourth transaction, which was crafted to appear legitimate to Liminal’s system.

Because this fourth transaction used valid details and the nonce from a previously failed transaction, it was approved by Liminal’s server, resulting in the transfer of funds from the multisig wallet to the attacker’s Ethereum account.

Refuting WazirX claims

Liminal refuted the exchange’s claims that its servers caused incorrect information to be displayed, asserting that the compromised WazirX devices sent malicious payloads. The firm said:

“Given that three devices of the victim’s shared transactions sent out malicious payloads to Liminal’s server, we have reason to believe that the local machines were compromised.”

The MPC provider highlighted that its system automatically provides the final signature once the required number of valid signatures is received from the client.

In this instance, the transaction was authorized by three WazirX employees. The multisig wallet, as per the exchange’s configuration, was deployed and imported into Liminal’s system at WazirX’s request.

However, the post-mortem report leaves some critical questions unanswered, including how the attacker initially gained access to the three WazirX devices. Liminal suggested that a sophisticated man-in-the-middle (MIM) attack or similar client-side compromise is likely responsible.

WazirX said in its post-mortem that despite the use of robust security measures — including hardware wallets and a whitelist for destination addresses — the attacker managed to breach these defenses in a “force majeure event.”

The exchange has yet to publicly address the Liminal’s findings and did not respond to a request for comment as of press time. WazirX’s last update on the matter stated that it has reached out to law enforcement and is pursuing “additional legal actions.”

It added that the immediate plan of action is to trace the stolen funds and conduct a “deeper analysis” of the breach in concert with forensic experts to recover the customer funds.

The post Liminal says infrastructure was not responsible for WazirX hack, blames compromised devices appeared first on CryptoSlate.

origin »

Bitcoin price in Telegram @btc_price_every_hour

RSK Infrastructure Framework (RIF) на Currencies.ru

$ 0 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 0.00 %
Cегодня L: $0 - H: $0
Капитализация $0 Rank 99999
Доступно / Всего 0 RIF

hack compromised wazirx liminal infrastructure exchange crypto

hack compromised → Результатов: 96


Coincheck Crypto Exchange Clients’ Data Compromised After Hacker Breached Its Domain

Japan-based cryptocurrency exchange, Coincheck, announced yet another hack – this time about 200 customers data was compromised after a domain account error. According to an official statement from the corporate desk of Coincheck, a third party was able to gain unauthorized access to one of the exchange’s domains from May 31st to June 1st. Coincheck’s […]

2020-6-3 18:35


Facebook Data Hack : Will Blockchain Be of Help?

Although data hacks appear to be a consistently growing threat to the virtual economy, nothing quite brings the conversation back to the table than the recent Facebook saga. If you somehow missed the recent events of October 2018, Facebook founder and CEO Mark Zuckerberg confirmed that the platform had been compromised by hackers, subsequently resulting The post Facebook Data Hack : Will Blockchain Be of Help? appeared first on ItsBlockchain.

2018-10-29 13:08


Фото:

Complete refunds guaranteed by a ICO platform after being involved in a $7 million hacking incident

Initial coin offering support platform KickICO lost $7.7 million in KICK tokens in a hack on Thursday, the company reported. CEO Anti Danilevski wrote in a blog post that the startup’s team discovered some 70 million KICK tokens missing from its wallet after the KickCoin smart contract owner’s private key was compromised. Several users’ wallets

2018-7-27 22:31