Imagine waking up to the shocking news that $230 million has vanished overnight—not from a traditional bank but from one of India’s leading crypto exchanges. That’s exactly what happened on July 18th, sending shockwaves through the crypto world.
But who’s really at fault? Was the crypto exchange responsible, or was it someone else? Let’s dive into the full story behind this massive heist.
What Exactly Happened?
On July 18th, hackers successfully breached one of WazirX’s multisig wallets, making off with a staggering $230 million. The wallet was managed by Liminal Custody, a third-party service provider renowned for its strict security protocols.
Liminal’s reputation extends beyond wallet management—they’ve even assisted the Central Bureau of Investigation (CBI) in safeguarding confiscated digital assets.
WazirX and Liminal had a solid security system in place. Six signatories were required to approve every transaction: five from WazirX and one final sign-off from Liminal. WazirX’s signatories were secured with Ledger Hardware Wallets, and Liminal ensured that only pre-approved, whitelisted addresses could receive funds.
With all these measures, it seemed foolproof. So, how did things go so wrong?
The Massive Security Breach
Despite these robust security layers, the hackers allegedly exploited a bug in Liminal’s interface. This flaw allowed them to manipulate the backend details and bypass Liminal’s whitelisting protocol, facilitating unauthorized transfers.
The question now is: where did the fault truly lie?
WazirX Or Liminal: Who’s Really to Blame?
The blame game started soon after the heist. Liminal, the trusted custody wallet provider, pointed fingers at WazirX, claiming the exchange was responsible for the massive theft. WazirX retaliated with proof, including a month-long forensic analysis by a globally renowned and leading cybersecurity and investigations firm.
No evidence of compromise was found on WazirX’s end in the forensic investigation. The three laptops used for signing transactions were clean, leaving Liminal’s system as the likely point of failure.
Since the hack, Liminal has focused more on blaming WazirX than providing any concrete evidence. They haven’t published a report or conducted an independent investigation, leading many to suspect that their system was compromised or that there was some insider involvement.
What’s Next?
Both companies are standing their ground. While there is no clear communication from Liminal’s end, WazirX has emerged with a clean slate after a thorough forensic analysis.
Adding fuel to the fire, it was discovered that Liminal recently deleted a blog post about securing a $50 million insurance policy to protect customer assets. Was this deletion related to the hack? The timing certainly raises eyebrows.
As this saga unfolds, the $230 million heist has undoubtedly shaken confidence in multisig wallets and third-party providers in the crypto space. Stay tuned as the story develops—there’s surely more to come.