The recent hack on India-based crypto exchange WazirX has brought attention to the importance of security in multiparty computation (MPC) wallets. Liminal, an MPC wallet provider, clarified in its post-mortem report that its infrastructure was not compromised during the breach. The report attributed the hack to compromised devices within WazirX’s network, emphasizing that Liminal’s user interface was not responsible for the security breach.
According to Liminal, the breach on July 18 resulted in an estimated loss of $235 million due to three of WazirX’s devices being compromised. The attacker exploited Liminal’s multi-signature wallet system by configuring it to provide a fourth signature if three valid signatures were received from WazirX. This setup allowed the attacker to manipulate legitimate transaction details provided by the compromised devices at WazirX. The attacker then extracted signatures from failed transactions to initiate a new transaction, transferring funds to their Ethereum account.
Liminal refuted claims made by WazirX that incorrect information was displayed due to Liminal’s servers. The firm clarified that the compromised WazirX devices sent malicious payloads, indicating that the local machines were compromised. It is crucial to understand that security breaches in MPC wallets can have serious consequences, highlighting the need for robust security measures to prevent unauthorized access and fraudulent activities.
Despite the detailed post-mortem report provided by Liminal, some critical questions remain unanswered, such as how the attacker initially gained access to the three WazirX devices. The report suggested a sophisticated man-in-the-middle (MIM) attack or a client-side compromise as potential causes. WazirX has stated that it is working with law enforcement and pursuing additional legal actions to trace the stolen funds and conduct a deeper analysis of the breach with forensic experts to recover customer funds.
The recent hack on WazirX serves as a wake-up call for the crypto industry to prioritize security in MPC wallets. Security breaches can have far-reaching consequences, affecting not only the exchange’s reputation but also the funds and trust of its customers. It is imperative for companies to invest in robust security protocols, conduct regular security audits, and collaborate with experts to ensure the safety of digital assets.