Liminal Custody Cleared in $230 Million WazirX Hack: Audit Finds

In a recent development, an independent audit conducted by Grant Thornton has cleared Liminal Custody of any involvement in the $230 million hack of the WazirX exchange. The audit, which was completed on September 9, 2024, revealed that the breach did not originate from Liminal Custody’s infrastructure. This finding shifts the focus back to WazirX, which had initially suspected vulnerabilities in the interface between Liminal’s system and transaction data. The audit’s conclusions have significant implications for both companies and the broader crypto community.

Independent Audit Clears Liminal Custody

The independent audit by Grant Thornton was a thorough investigation aimed at determining the source of the $230 million hack that affected WazirX in July 2024. The audit examined Liminal Custody’s frontend and backend systems, as well as its user interface, to identify any potential vulnerabilities. The findings were clear: Liminal Custody’s infrastructure was not compromised, and the breach likely originated from outside their systems.

This conclusion is a significant relief for Liminal Custody, a Singapore-based crypto custodian known for its robust security measures. The company’s multi-signature wallet model, which allows clients to maintain control of their keys, played a crucial role in ensuring the safety of its systems. According to Liminal Custody, all transactions on its platform are initiated by clients, further supporting the audit’s findings that the breach did not occur within their infrastructure.

The audit’s results have shifted the spotlight back to WazirX, which had initially pointed fingers at Liminal Custody. The findings suggest that the vulnerabilities may lie within WazirX’s own systems or processes, raising questions about the exchange’s security protocols and measures.

WazirX’s Response and Next Steps

Following the audit’s findings, WazirX has been under increased scrutiny to address the vulnerabilities within its systems. The exchange had previously engaged Mandiant Solutions, a Google subsidiary, to conduct a forensic analysis of the cyberattack. Mandiant’s preliminary report, released in August 2024, indicated that the laptops used for signing transactions were not compromised. However, the full report is still pending, and WazirX has yet to provide a comprehensive explanation of how the breach occurred.

In response to the hack, WazirX proposed a “socialized loss strategy” to compensate affected users. This strategy allows users to access 55% of their funds, with the remaining 45% held by the exchange in Tether (USDT) tokens. This proposal has been met with mixed reactions from the crypto community, with some users expressing frustration over the partial compensation.

The audit’s findings have intensified the pressure on WazirX to enhance its security measures and provide a clear account of the breach. The exchange’s ability to regain the trust of its users and the broader crypto community will depend on its response to these challenges and its commitment to improving its security infrastructure.

Implications for the Crypto Industry

The findings of the Grant Thornton audit have broader implications for the crypto industry, highlighting the importance of robust security measures and transparent communication. The audit’s conclusion that Liminal Custody’s systems were not compromised underscores the effectiveness of the company’s security protocols and the value of independent audits in maintaining trust within the crypto ecosystem.

For WazirX, the audit’s findings serve as a wake-up call to address potential vulnerabilities and enhance its security measures. The exchange’s response to the breach and its efforts to compensate affected users will be closely watched by the crypto community and regulators alike.

The incident also highlights the need for collaboration and transparency within the crypto industry. By working together and sharing information about security threats and best practices, crypto companies can better protect their users and maintain the integrity of the ecosystem. The Grant Thornton audit serves as a reminder of the importance of independent assessments in identifying and addressing security vulnerabilities.

As the crypto industry continues to grow and evolve, the lessons learned from the WazirX hack and the subsequent audit will play a crucial role in shaping the future of security and trust within the ecosystem. Companies must remain vigilant and proactive in addressing potential threats to ensure the safety and security of their platforms and users.