- Liminal Custody said three WazirX wallets were breached in the lead-up to the $230 million exploit.
- WazirX said that a discrepancy on Liminal’s interface triggered the loss. If filed a police report today.
- Security firm Elliptic said on Thursday that North Korean hackers appear to be behind the hack.
Unmute
00:56Over $67M in Crypto Lost to Hacks and Exploits in February: Immunefi Report
00:59Running With Crypto: 5 Questions With TRM Labs' Ari Redbord
09:43Hacks Involving North Korea Are 'Even Greater Problem': Legal Experts
02:01Breaking Down the State of Hacking in 2024
WazirX and Liminal Custody, the two firms at the center of yesterday’s $230 million exploit, are blaming each other for the success of the attack, leaving users in the dark over the security of their funds.
In a post on X, Indian crypto exchange WazirX said the exploit was related to a multisig wallet using Liminal’s digital asset custody service. The attack stemmed from a “discrepancy between the data displayed on Liminal’s interface and the transaction’s actual contents,” it said.
Liminal, for its part, said its infrastructure had not been breached and that all wallets – including WazirX’s – remain safe. A multisig wallet is one that requires several people to sign a transaction before it can be executed.
“There is no breach in Liminal’s infrastructure, wallets and assets,” Liminal said in a blog post. “Unfortunately three of the victims machines have been found injecting malicious payloads into the transaction indicating a sophisticated, well planned and targeted attack on one specific Gnosis Smart Contract Multi-Sig wallet.”
The exchange filed a police report and engaged with the Indian Computer Emergency Response Team (CERT-In) earlier today. The stolen funds account for more than 45% of its $500 million holdings, according to a transparency report from June. Crypto security firm Elliptic said that North Korean hackers appear to be behind the exploit.
Liminal did not respond to a request for comment.
Edited by Sheldon Reback.