Liminal Blames Compromised WazirX Devices for Hack, Claims UI Not Responsible

Points

• Liminal releases a report on the WazirX hack, blaming compromised devices for the attack.
• The hack involved replacing transaction hashes with invalid ones.
• Liminal’s multisignature wallet setup allowed the hack to succeed.

Multiparty computation （MPC） wallet provider Liminal has released a post-mortem report on the July 18 WazirX hack, claiming that compromised devices, not its user interface, were responsible for the attack. According to the report, three WazirX devices were compromised, allowing the hacker to execute the attack.

Cointelegraph

How the Hack Occurred

Liminal’s report explains that the multisignature wallet was set up to provide a fourth signature if WazirX provided the other three. This setup meant the attacker only needed to compromise three devices to perform the attack. The hack involved replacing a valid transaction hash with an invalid one, causing the transaction to fail.

Compromised Devices

The report states that the fact the attacker could change the transaction hash indicates WazirX’s devices were already compromised before the transaction was attempted. The attacker initiated three transactions using different WazirX admin accounts. After these transactions failed, the attacker extracted signatures from them and used them to initiate a new transaction.

Liminal’s Defense

Liminal denied that its servers caused incorrect information to be displayed through its UI. Instead, it claimed that the compromised WazirX devices provided misleading transaction details. The multisig wallet setup by WazirX was imported into Liminal at WazirX’s request.

Conclusion

The WazirX hack, which resulted in an estimated $235 million loss, highlights the importance of securing devices and ensuring robust wallet configurations. Liminal’s report shifts the focus to compromised devices, emphasizing the need for comprehensive security measures.

解説

• Device Security: The hack underscores the critical need for securing devices involved in cryptocurrency transactions to prevent unauthorized access and manipulation.
• Multisignature Wallets: Proper configuration and security of multisignature wallets are essential to protect against coordinated attacks.
• Responsibility and Transparency: Liminal’s report emphasizes the importance of transparency and accountability in the aftermath of security breaches, providing valuable insights for the broader crypto community.