Liminal Custody said on Monday, September 9, that they had been cleared of any participation in the $230 million hack that happened on July 18, 2024, according to an independent audit carried out by Grant Thornton. Liminal Custody asserts that WazirX’s flaws, not their own, were probably the cause of the multi-signature wallet compromise.
Grant Thornton cleared the liminal custody audit.
Liminal Custody enlisted Grant Thornton, a leading international audit company, to carry out a comprehensive examination of the event. According to Grant Thornton’s analysis, Liminal’s infrastructure was most likely not the source of the incident. The audit did not discover any indications of a breach in Liminal’s User Interface (UI), backend, or front end.
According to our first findings, there was a disparity between the data payloads that our system generated and the ones that the client’s system sent us. According to Liminal Custody, this disparity suggested a possible breach in either our front-end systems or the client’s end. Nevertheless, Grant Thornton’s independent examination has verified that Liminal’s systems are still safe and that the intrusion most likely happened somewhere else.
According to Liminal Custody, transactions are only started by customers because of their self-custody wallet architecture, in which clients keep most private keys. Transactions always start at our client’s end first; Liminal is unable to begin them, the company clarified.
Context: The audit results from WazirX
Earlier, WazirX had hired Mandiant Solutions, a Google company, to carry out a forensic investigation into the hack. According to Mandiant’s preliminary assessment dated August 14, WazirX indicated that their computers used for transaction signatures were not affected. WazirX has speculated that Liminal Custody may have been the source of the problem, but the whole report is still pending.
Six signatories—five from WazirX and one from LC—were implicated in the multi-sig wallet compromise. As a result of the event, WazirX lost about forty-five percent of its holdings.
It has expressed doubts about the extent and methodology of WazirX’s audit in response to the company’s assertions. They contend that considering their involvement in managing five of the six keys, the security of WazirX’s network architecture and custody controls needs to be called into question.
WazirX and Liminal Custody are at odds.
Since the hack, WazirX and LC have disagreed more intensely. WazirX said that Liminal Custody was responsible for the significant asset loss because they neglected to safeguard the multi-sig wallet. Liminal Custody, for its part, insists that its systems were safe and that WazirX’s flaws were probably the cause of the hack.
Tensions are still high as both businesses deal with the aftermath of the hack, underscoring enduring worries about security and responsibility in the Bitcoin space.
It is important to remember that WazirX management and Liminal Custody have been at odds since the July 18 incident. WazirX had accused Liminal of failing to safeguard the compromised multi-sig wallet. According to a previous investigation by The Crypto Times, Nischal Shetty, one of the co-founders of WazirX, and Mahin Gupta of Liminal Custody have ties to Pi42 exchange, another company that Nischal co-founded.
In the meantime, WazirX customers have now requested that the Central Bureau of Investigation (CBI), the top investigative body in India, investigate the matter and investigate Liminal Custody as well as WazirX management to learn the whole truth.
Conclusion
On July 18, 2024, Liminal Custody said that an independent audit conducted by Grant Thornton had acquitted them of any participation in the $230 million hack. Since the audit did not identify any weaknesses in Liminal’s systems, WazirX was probably the source of the intrusion.
According to Liminal Custody, the audit findings indicate that WazirX’s administration was most likely responsible for the hack on the multi-sig wallet.
The event transpired several weeks after WazirX management issued a statement accusing Liminal Custody of being responsible for the compromise of their multi-sig wallet and asserting that the latter was entrusted with its security.
