No Evidence That WazirX Attack Originated On Liminal’s Web App: Grant Thornton
Grant Thornton found "no evidence of any compromise or vulnerabilities related to the transaction workflow."
Multinational professional services Grant Thornton reported that there was no evidence that the attack on Indian cryptocurrency exchange WazirX's wallet originated on Liminal Custody Solutions' web application.
Grant Thornton said that it conducted a comprehensive review of the web application, including the front-end, user interface and back-end of Liminal’s infrastructure and found "no evidence of any compromise or vulnerabilities related to the transaction workflow."
Liminal's preliminary reports identified a mismatch between the data shared by Liminal and the payload received from their client's systems. This indicated two potential possibilities—the first being a potential compromise either at the client's end or within their front-end systems, resulting in the need for further investigations, according to the firm.
"Based on these findings, the likelihood of the issue originating from outside Liminal's infrastructure and systems has increased," Liminal stated.
Indian cryptocurrency exchange WazirX suffered a security breach that compromised one of its wallets, resulting in theft of over $230 million in digital assets, according to a post from the firm on X (formerly known as Twitter) on July 19, 2024. The stolen funds made up more than 45% of WazirX’s $500 million holdings, according to an earlier report.
The Indian cryptocurrency exchange had announced a $24-million bounty on July 22, 2024, to recover the money that was lost. It had also invited white-hat hackers, blockchain experts, and cybersecurity experts to join the bounty programme. It was the largest bounty announced for such a programme.
Zettai Pte., the parent company of WazirX, had initiated insolvency proceedings in Singapore after the cyberattack.
Under the restructuring of its crypto balances, WazirX has prioritised distribution of the remaining token assets to users in a pro-rata manner through crypto and not fiat. Of the available funds, about 45% were required as costs for the restructuring, and only about 55% of the money was to be returned to customers.
