The dispute centers around multisig wallets.
The dispute centers around multisig wallets.
WazirX and Liminal Custody, the two firms at the center of yesterday’s $230 million exploit, are blaming each other for the success of the attack, leaving users in the dark over the security of their funds.
In a post on X, Indian crypto exchange WazirX said the exploit was related to a multisig wallet using Liminal’s digital asset custody service. The attack stemmed from a “discrepancy between the veri displayed on Liminal’s interface and the transaction’s actual contents,” it said.
Liminal, for its part, said its infrastructure had not been breached and that all wallets – including WazirX’s – remain safe. A multisig wallet is one that requires several people to sign a transaction before it can be executed.
“There is no breach in Liminal’s infrastructure, wallets and assets,” Liminal said in a blog post. “Unfortunately three of the victims machines have been found injecting malicious payloads into the transaction indicating a sophisticated, well planned and targeted attack on one specific Gnosis Smart Contract Multi-Sig wallet.”
The exchange filed a police report and engaged with the Indian Computer Emergency Response Team (CERT-In) earlier today. The stolen funds account for more than 45% of its $500 million holdings, according to a transparency report from June. Crypto security firm Elliptic said that North Korean hackers appear to be behind the exploit.
Liminal did not respond to a request for comment.