Liminal Custody Not Responsible for $230 WazirX Hack: Audit Finds

On September 9, an independent audit conducted by Grant Thornton found that the $230 million hack of the WazirX exchange in July 2024 did not originate from Liminal Custody’s infrastructure.

Audit Clears Liminal Custody of Responsibility in $230M WazirX Hack

According to a Liminal Custody blog post , the audit concluded that the breach occurred outside its system, clearing the Singapore-based crypto custodian of any direct involvement in the exploit.

The Indian crypto exchange WazirX suffered a hack in July, resulting in a loss of over $230 million in funds. WazirX initially suspected that the issue may have stemmed from vulnerabilities between Liminal’s interface and the actual transaction data. However, the audit findings suggest otherwise.

Grant Thornton was hired to assess Liminal Custody’s involvement in the breach. After a detailed examination of Liminal’s frontend and backend infrastructure, the audit found no evidence that the custodian’s systems had been compromised.

According to Liminal Custody, the company’s multi-signature wallet model, which allows clients to maintain control of their keys, played a role in ensuring the safety of its systems. Liminal’s statement emphasized that any transactions on its platform are initiated by clients, meaning that the breach likely originated from the client’s side.

The custodial company has clarified that a complete review from auditors is still needed to understand fully how the breach occurred.

Notably, following the hack, WazirX, and Liminal Custody traded blame, as the custodial firm queried the exchange’s security infrastructure and audit validity.

Nonetheless, Grant Thornton’s initial audit has eliminated Liminal as a hack source, focusing attention on vulnerabilities within WazirX or its systems.

WazirX’s Socialized Loss Strategy Rejected by Users

In response to the hack, WazirX proposed a “socialized loss strategy” allowing users to access 55% of their funds, with the remaining 45% held by the exchange in Tether (USDT) tokens.

However, users strongly opposed this proposal, accusing WazirX of avoiding full responsibility for the incident.

The backlash forced WazirX to reverse its plan, and the exchange has since promised to explore other options for compensating users who lost funds in the breach.

WazirX has also moved its assets to new multi-signature wallets to improve security following the attack, as its exchange company Zettai calls for white knights’ support to rescue WazirX .

While the exact source of the breach remains unclear, Grant Thornton’s audit points to weaknesses within WazirX’s infrastructure rather than Liminal Custody’s system.

Liminal’s secure infrastructure, combined with their multi-signature wallets requiring client authorization, has significantly reduced the likelihood that the hack originated from their platform.