WazirX Hack Most Likely Linked to Its Custodian’s Systems Failing

Wazir X issued a report on Thursday, with new revelations of the $235 million hack, stating all indicators point to the custody service provider it relies on, Liminal Custody. According to the report, the custodian may have suffered a security breach, causing it to approve a transaction to a fraudulent wallet address. Nothing seemed suspicious at the surface level.

“In this cyber attack, the malicious transactions involved signatures from three WazirX signers and one from Liminal, confirming the use of Liminal’s infrastructure,” the report read. Liminal’s MPC (multi-party computation) wallet comprises one key controlled by it, which must sign transactions for them to occur. This feature ensures the custodian keeps an eye out for illicit transaction requests, only signing transactions to whitelisted wallets that fall within pre-approved amounts.

However, it seems Liminal’s interface experienced a hack, as the attacker manipulated the wallet address displayed. So, all WazirX key holders, three of whom signed this transaction, and Liminal’s key holder saw a whitelisted address when, in fact, the transfer happened to a completely different one belonging to the hacker.

Moreover, the HSMs (hardware security modules), commonly called hardware wallets, used to sign these transactions do not display the receiver’s address. That means the hacker’s attempt at manipulating Liminal’s interface was the only thing needed.

“In Ethereum, when signing an ERC20 transaction, the hardware device involved in signing does not display the token or the destination address. This blind signing is a standard procedure for anyone using such a multisig wallet on Ethereum.”

The exchange elaborated, “To ensure that the WazirX signers knew what they were signing, they relied on the transfer details displayed on the Liminal website, which shows the token being signed and the destination address.”

Furthermore, WazirX brought a concerning fact to light. “The malicious transaction which got signed, upgraded the contract to transfer the control to the attacker.” It claimed that it received “representation” from Liminal stating otherwise.

Liminal previously claimed that the hack did not occur due to breaches at their end. It is yet to respond to these new developments.

The post WazirX Hack Most Likely Linked to Its Custodian’s Systems Failing appeared first on Live Bitcoin News.