Liminal’s Post-Mortem Report on WazirX Hack
Background
Multiparty computation (MPC) wallet provider Liminal has released a post-mortem report on the recent hack of India-based crypto exchange WazirX. The report details the events surrounding the breach, which resulted in an estimated $235 million loss.
Liminal’s Infrastructure Remains Safe
Liminal’s infrastructure remains safe and was not compromised in the hack. The firm’s statement in its post-mortem report attributes the breach to compromised devices within WazirX’s network, clarifying that Liminal’s user interface (UI) was not responsible.
WazirX’s Devices Compromised
According to Liminal, the July 18 breach occurred because three of WazirX’s devices were compromised. The firm’s report explains that its multi-signature wallet system was configured to provide a fourth signature if three valid signatures were received from WazirX. This setup allowed the attacker to exploit the compromised devices.
The Attack
The attack began when one of WazirX’s compromised devices initiated a legitimate transaction involving Gala Games tokens (GALA). Liminal’s server verified the transaction’s validity by issuing a “safeTxHash.” However, the attacker replaced this hash with an invalid one, causing the transaction to fail.
Liminal’s Response
According to Liminal’s report, the attacker then extracted the signatures from the failed transactions and used them to initiate a new, fourth transaction, which was crafted to appear legitimate to Liminal’s system. Because this fourth transaction used valid details and the nonce from a previously failed transaction, it was approved by Liminal’s server, resulting in the transfer of funds from the multisig wallet to the attacker’s Ethereum account.
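One way a co-signing service can tie its fourth signature to the exact request it validated, shown as an added example that is not taken from Liminal's report or from either company's code. The `CoSigner` class, its methods, the keys and the transaction values are hypothetical, and HMAC stands in for the ECDSA signatures a real multisig wallet uses.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC stands in for the ECDSA signatures a real multisig uses.
SIGNER_KEYS = {"device-1": b"k1", "device-2": b"k2", "device-3": b"k3"}
THRESHOLD = 3

def tx_hash(tx):
    """Digest over every field of the transaction, nonce included."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).hexdigest()

def sign(signer, digest):
    return hmac.new(SIGNER_KEYS[signer], digest.encode(), hashlib.sha256).hexdigest()

class CoSigner:
    """Hypothetical co-signer that binds approvals to the request it validated."""
    def __init__(self):
        self.issued = {}     # nonce -> digest issued for the validated request
        self.failed = set()  # nonces whose signing round failed

    def register(self, tx):
        # A fresh, validated request opens (or reopens) the round for its nonce.
        self.issued[tx["nonce"]] = tx_hash(tx)
        self.failed.discard(tx["nonce"])
        return self.issued[tx["nonce"]]

    def mark_failed(self, nonce):
        self.failed.add(nonce)

    def approve(self, tx, sigs):
        digest, nonce = tx_hash(tx), tx["nonce"]
        if self.issued.get(nonce) != digest:
            return False, "payload differs from the request validated for this nonce"
        if nonce in self.failed:
            return False, "signing round for this nonce failed; re-validate first"
        valid = {s for s, sig in sigs.items()
                 if s in SIGNER_KEYS and hmac.compare_digest(sig, sign(s, digest))}
        if len(valid) < THRESHOLD:
            return False, "fewer than three valid signatures over the issued digest"
        return True, "co-sign"

def demo():
    cs = CoSigner()
    legit = {"to": "0xEXAMPLE_TREASURY", "token": "GALA", "amount": 100, "nonce": 7}
    swapped = dict(legit, to="0xEXAMPLE_OTHER")  # same nonce, different details
    issued = cs.register(legit)
    good = {s: sign(s, issued) for s in SIGNER_KEYS}
    other = {s: sign(s, tx_hash(swapped)) for s in SIGNER_KEYS}
    results = [cs.approve(legit, good)[0], cs.approve(swapped, other)[0]]
    cs.mark_failed(7)
    results.append(cs.approve(legit, good)[0])  # stale signatures from a failed round
    return results
```

In this sketch, three correct signatures are not sufficient on their own: the co-signer also requires that the signed payload is the one it validated for that nonce and that the signing round has not already failed.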
Refuting WazirX Claims
Liminal refuted WazirX’s claims that its servers caused incorrect information to be displayed, asserting that the compromised WazirX devices sent malicious payloads. The firm said, “Given that three devices of the victim’s shared transactions sent out malicious payloads to Liminal’s server, we have reason to believe that the local machines were compromised.”
Conclusion
The post-mortem report highlights the importance of robust security measures and the need for vigilance in the face of sophisticated attacks. Liminal’s system was configured to provide a fourth signature if three valid signatures were received from WazirX, which allowed the attacker to exploit the compromised devices. The report also leaves some critical questions unanswered, including how the attacker initially gained access to the three WazirX devices.
FAQs
Q: What was the cause of the WazirX hack?
A: The hack was caused by compromised devices within WazirX’s network.
Q: Was Liminal’s infrastructure compromised?
A: No, Liminal’s infrastructure remains safe and was not compromised in the hack.
Q: What was the impact of the hack?
A: The hack resulted in an estimated $235 million loss.
Q: How did the attacker exploit Liminal’s system?
A: The attacker exploited Liminal’s system by using compromised devices within WazirX’s network to initiate a new, fourth transaction, which was crafted to appear legitimate to Liminal’s system.
Q: What is Liminal’s response to the hack?
A: Liminal has released a post-mortem report detailing the events surrounding the breach and has refuted WazirX’s claims that its servers caused incorrect information to be displayed.
Q: What is WazirX’s response to the hack?
A: WazirX has stated that it has reached out to law enforcement and is pursuing “additional legal actions” to trace the stolen funds and conduct a “deeper analysis” of the breach.