About a month after hackers broke into WazirX, leading to a loss of $234 million, Google-owned cybersecurity firm Mandiant has cleared the cryptocurrency exchange, confirming that there were no security breaches.
Mandiant said in a blog post on Monday that the exchange had hired the firm to conduct a forensic analysis following the incident. The goal was to see if any of the three laptops used by the WazirX team had been breached.
“We found no evidence of a security breach on the three laptops used to sign transactions,” Mandiant said.
Mandiant points to Liminal as the likely source of the attack on WazirX
Mandiant said it will publish a more detailed report. However, preliminary findings suggest that Liminal, the computing wallet provider for many WazirX sites, was the source of the cyberattack.
“We have full confidence in the investigating agency and will cooperate fully with them,” a WazirX spokesperson said. “We are actively working to recover the stolen funds and hope that those responsible will be held accountable.”
Meanwhile, WazirX co-founder Nischal Shetty said on X: “We are glad that it is clear that there is NO compromise on the part of WazirX.” He added that the team has not yet received credible answers from Liminal about what led to the cyberattack.
Last week, WazirX announced that it would transfer the remaining assets from partner Liminal to new multisig wallets. The exchange suggested that Liminal was likely the source of the breach. However, both WazirX and Liminal have issued contradictory statements accusing each other of being responsible for the hack.
In a report issued on July 25, WazirX said it found no signs of a security breach of the signatory machines of its infrastructure.
The investigation further revealed that the hacked transactions were executed through Liminal’s infrastructure, using three signatures from WazirX and one from Liminal. This indicates a possible vulnerability in Liminal’s security. The exchange found that Liminal’s MPC wallet, designed to block withdrawals to unauthorized addresses, did not work as intended.