Liminal’s post-mortem report on the WazirX hack attributes the attack to compromised devices rather than its user interface, highlighting security vulnerabilities in device management.
Points
- Liminal’s post-mortem report attributes the WazirX hack to compromised devices.
- The hack involved manipulating transaction hashes and exploiting a multisig wallet configuration.
- Liminal denies UI responsibility, pointing to compromised WazirX devices.
- The attack resulted in a loss of $235 million, the largest since the DMM exploit.
- Security measures and vulnerabilities in device management are key issues.
Liminal’s Post-Mortem Report on WazirX Hack
Multiparty computation (MPC) wallet provider Liminal released a post-mortem report on the WazirX hack, claiming that the attack resulted from compromised devices rather than issues with its user interface (UI). According to the report, three WazirX devices were compromised, allowing the attacker to manipulate transaction hashes and exploit a multisignature wallet configuration.
Cointelegraph
Details of the Attack
Liminal’s report states that the compromised WazirX devices initiated valid transactions, which were then manipulated by the attacker. The attacker replaced the transaction hash with an invalid one, causing the transaction to fail and allowing them to extract signatures for a new, fraudulent transaction. This transaction was crafted to appear legitimate, using the Nonce from the failed transaction, which Liminal’s server then approved, resulting in the transfer of funds to the attacker’s Ethereum account.
Liminal’s Defense
Liminal denied that its servers caused incorrect information to be displayed through its UI, attributing the discrepancy to the compromised WazirX devices. The report highlighted that the multisig wallet was configured to provide a fourth signature if WazirX provided the other three, a setup requested by WazirX. This meant the attacker only needed to compromise three devices to perform the attack.
WazirX’s Statement
WazirX claimed that its private keys were secured with hardware wallets and that the attack stemmed from a discrepancy between the data displayed on Liminal’s interface and the actual transaction contents. Despite implementing robust security features, including requiring confirmations from multiple keyholders and using hardware wallets, the attacker still managed to breach these defenses.
Impact and Response
The attack resulted in the loss of an estimated $235 million, making it the largest centralized exchange hack since the DMM exploit in May 2023. WazirX called the attack a “force majeure event” and vowed to leave no stone unturned to locate and recover the funds.
Conclusion
The WazirX hack underscores the critical importance of robust security measures and vigilance in device management. While Liminal attributes the breach to compromised devices, the incident highlights the need for continuous improvement in security protocols to protect against sophisticated attacks.
解説
- Multiparty Computation (MPC): A cryptographic protocol that enables multiple parties to jointly compute a function over their inputs while keeping those inputs private.
- Multisignature Wallet (Multisig): A type of digital wallet that requires multiple private keys to authorize a transaction, enhancing security by distributing control among several parties.
- Nonce: A unique number used once in cryptographic communication, often to ensure that old communications cannot be reused in replay attacks.
- Force Majeure: A contractual clause that frees both parties from liability or obligation when an extraordinary event or circumstance beyond their control occurs.
- Ethereum Account: A digital wallet on the Ethereum blockchain used to store, send, and receive Ether and other tokens.