Liminal's Detailed Report on WazirX Security Breach

Liminal has released an in-depth report regarding the recent security breach at WazirX, which resulted in the loss of funds from their Gnosis SAFE smart contract wallet. This report aims to clarify the events leading to the breach and emphasize that Liminal's infrastructure remains uncompromised.

Overview of the Incident

The breach, which occurred on July 18, 2024, involved the draining of funds from a Gnosis SAFE multisig wallet used by WazirX. This wallet, deployed by WazirX before their partnership with Liminal, was imported into Liminal's platform for operational ease. Importantly, all other wallets on Liminal's platform remain secure.

Sequence of Events Leading to the Breach

First Signature Exploit:

The breach began with an attempted GALA transaction by one of the victims (victim 1). The transaction, which was compromised by a malicious actor, was rejected by Liminal due to a signature mismatch. The attacker had already compromised victim 1’s device, allowing them to intercept and alter the transaction payload.

Second Signature Exploit:

After the first attempt failed, a second victim (victim 2) attempted another GALA transaction. Similarly, the attacker compromised victim 2's device and injected a malicious payload into the transaction, leading to another rejection by Liminal due to mismatched data.

Third Signature Exploit:

The third exploit involved a USDT transaction approved by a third victim (victim 3). The attacker, having already obtained signatures from victims 1 and 2, used a compromised device to inject a malicious payload. Once Liminal received the final signature, the transaction was sent to the blockchain but failed due to one invalid signature.

Analysis of the Exploit

The attackers used a sophisticated method to compromise three devices, injecting malicious payloads and exploiting signatures. The sequence of events suggests the use of automated tools, pointing to a highly coordinated and targeted attack on WazirX's multisig wallet.

Liminal's Infrastructure Integrity

Liminal's report confirms that their platform and infrastructure were not breached. All wallets within the Liminal ecosystem, including other WazirX Gnosis SAFE wallets, remain secure. The compromised wallet was a pre-existing, self-custodial multisig wallet imported at WazirX's request.

Conclusion and Next Steps

However, it's important to note that in any security breach, stakeholders will scrutinize all involved parties. While Liminal’s detailed report aims to defend their position and maintain credibility, some may still perceive them as trying to distance themselves from the incident.

Ultimately, Liminal's clear and detailed communication, combined with their emphasis on ongoing security, is key to maintaining trust and mitigating any negative perceptions. Their proactive and transparent approach is generally viewed positively in the tech and crypto communities. Liminal emphasizes that their infrastructure is secure and continues to operate smoothly, processing millions of dollars in transactions without issues. As investigations continue, Liminal is working closely with WazirX to address the breach and enhance security protocols.