Wazirx Security Breach: Liminal’s Analysis Points to Deeper Issues
Liminal Custody has released an update addressing the allegations and misinformation surrounding the Wazirx security breach. The company clarified that while Wazirx blamed it for the incident, the exchange continued using Liminal’s infrastructure to manage user funds. Liminal emphasized it had no control over the wallets in question and criticized Wazirx for not adopting key security measures that could have prevented the breach.
Liminal Custody Responds to Wazirx Breach Allegations and Misinformation
Liminal Custody published an update on Tuesday titled “Wazirx Incident Update – Response to Ongoing Disinformation Campaign,” addressing confusion about its involvement in the Wazirx security breach. The update followed the Indian cryptocurrency exchange’s submission of 240,000 wallet addresses to a Singapore court, raising concerns in the crypto community. Wazirs had reported a July hack that resulted in the theft of over $230 million. Liminal used the update to clarify its role and refute misinformation, stressing the importance of transparency.
Liminal highlighted that, like others in the industry, it reviewed the list of wallet addresses disclosed by Wazirx.
“Like most in the industry, we too have combed through the list of the 240,000 wallet addresses shared by Wazirx. As stated by several other notable individuals as well, a majority of these addresses are hot wallets, while a handful are the warm / cold wallets that were managed through Liminal’s infrastructure,” Liminal explained, adding:
These handful wallets held all the balance funds of approximately USD 300 million for several days and approx USD 177 million for several months after the incident.
The update also tackled accusations from Wazirx that Liminal was responsible for the breach. According to Liminal, Wazirx initially blamed Liminal after the breach and publicly claimed to have cut ties with the company.
“As an immediate response to the breach, Wazirx blamed Liminal Custody and made media announcements on August 14, 2024 stating that it had ‘terminated’ its contract with Liminal,” the custodial firm detailed, emphasizing: “However, far from this posturing Wazirx continued to use Liminal’s infrastructure to access and manage their remaining user funds.” Liminal further shared:
Even 75 days after the hack, Wazirx was still holding over USD 175 Million in assets on Liminal’s platform. In fact, despite their accusations, as of today, approximately USD 50 Million of their user assets continue to remain on wallets accessed via Liminal Infrastructure.
In contrast to Wazirx’s accusations, Liminal maintained that it had no ability to initiate transactions or transfers, as Wazirx controlled the wallets. Liminal also pointed out that Wazirx failed to adopt several key infrastructure features, such as smart refill transactions, which could have prevented the cold wallet signatures from being leaked.