,

WazirX, Liminal Custody Blame Each Other as $230M Crypto Exploit Leaves Customers Stranded

Liminal Custody said three WazirX wallets were breached in the lead-up to the $230 million exploit.

WazirX said that a discrepancy on Liminal’s interface triggered the loss. If filed a police report today.

Security firm Elliptic said on Thursday that North Korean hackers appear to be behind the hack.

00:56

Over $67M in Crypto Lost to Hacks and Exploits in February: Immunefi Report

00:59

Running With Crypto: 5 Questions With TRM Labs’ Ari Redbord

09:43

Hacks Involving North Korea Are ‘Even Greater Problem’: Legal Experts

02:01

Breaking Down the State of Hacking in 2024

WazirX and Liminal Custody, the two firms at the center of yesterday’s $230 million exploit, are blaming each other for the success of the attack, leaving users in the dark over the security of their funds.

In a post on X, Indian crypto exchange WazirX said the exploit was related to a multisig wallet using Liminal’s digital asset custody service. The attack stemmed from a “discrepancy between the data displayed on Liminal’s interface and the transaction’s actual contents,” it said.

Liminal, for its part, said its infrastructure had not been breached and that all wallets – including WazirX’s – remain safe. A multisig wallet is one that requires several people to sign a transaction before it can be executed.

“There is no breach in Liminal’s infrastructure, wallets and assets,” Liminal said in a blog post. “Unfortunately three of the victims machines have been found injecting malicious payloads into the transaction indicating a sophisticated, well planned and targeted attack on one specific Gnosis Smart Contract Multi-Sig wallet.”

The exchange filed a police report and engaged with the Indian Computer Emergency Response Team (CERT-In) earlier today. The stolen funds account for more than 45% of its $500 million holdings, according to a transparency report from June. Crypto security firm Elliptic said that North Korean hackers appear to be behind the exploit.

Liminal did not respond to a request for comment.

Edited by Sheldon Reback.