Digital asset custody firm Liminal Custody has alleged that a cyberattack that hit its security partner and cryptocurrency exchange WazirX originated from WazirX, according to an audit.
Audit firm Grant Thornton conducted a comprehensive review of Liminal Custody's web application, including the front-end, user interface (UI) and back-end. The audit firm stated that they found no evidence of a cyber attack originating from Liminal Custody's web application.
Earlier, WazirX had held Singapore-based Liminal Custody responsible for a cyber attack on its infrastructure in July that led to the theft of around Rs 2,000 crore.
Liminal Custody said its investigation found in a preliminary report inconsistencies between the data it shared and the payloads it received from customers' systems.
“This indicates two possibilities: a potential compromise either on the client side or within our front-end systems and requires us to investigate whether there has been a compromise of our front-end systems,” Liminal Custody said.
“We engaged multiple reputable auditing firms, including Grant Thornton, a leading global auditing firm, to further investigate the discrepancies. Now, after multiple reviews, we have concluded that there is no evidence of a compromise or vulnerability in Liminal's front-end, back-end or UI related to trading workflows,” it added.
The company said that based on the findings, the likelihood of external cyber attacks on its infrastructure and systems has increased.
The WazirX cyber attack took place on July 18, resulting in the theft of over $230 million (approximately Rs 20 billion) in digital assets. The breach involved a multi-sig wallet with six signatories (five from WazirX and one from Liminal Custody).
The security breach caused WazirX to lose approximately 45% of its holdings.
WazirX had engaged Google subsidiary Mandiant Solutions to conduct a forensic analysis. Mandiant's preliminary report stated that the WazirX laptop used to sign the transaction was not compromised, but Liminal Custody has questioned the scope and methodology of WazirX's audit.
Liminal Custody argued that the security of WazirX's network infrastructure and custody management needed to be scrutinized.
WazirX allows users to buy, sell, and trade various cryptocurrencies including Bitcoin, Ethereum, etc. Launched in 2018, it offers a platform for spot trading, staking, and peer-to-peer trading, with features such as a native utility token (WRX) and integration with global cryptocurrency exchange Binance.
