About a month after hackers breached WazirX, leading to a $234m loss, Google-owned cybersecurity firm Mandiant cleared the crypto exchange, confirming there were no security breaches.
On Monday, Mandiant said in a blog that the exchange hired the firm to perform a forensic analysis following the incident. The objective was to assess whether any among the three laptops the WazirX team used had been compromised.
“We did not identify evidence of compromise on the three laptops that were used for signing transactions,” Mandiant said.
Mandiant’s Early Findings Indicate Liminal as Likely Origin of WazirX Hack
Mandiant said it would release a more detailed report. But preliminary findings suggest Liminal, WazirX’s multi-party computation wallet provider, was at the cyberattack’s source.
“We have full faith in the investigating agency and shall cooperate with them to the fullest extent,” a WazirX spokesperson said. “We are actively working on recovering the stolen funds and are hopeful that those responsible will be brought to justice.”
Meanwhile, WazirX co-founder Nischal Shetty said on X: “We’re glad that it’s all clear there is NO compromise on WazirX side.” He added the team is yet to hear credible answers from Liminal on what led to the cyberattack.
Exchange Alleges Liminal Security Failure, Shifts Assets to New Wallets
Last week, WazirX announced it would move remaining assets from custody partner Liminal to new multisig wallets. The exchange implied that Liminal was likely the origin of the breach. However, both WazirX and Liminal have issued contradictory statements, each accusing the other of being responsible for the hack.
In a report issued on July 25, WazirX declared it found no signs of compromise in its infrastructure’s signer machines.
The investigation further showed that the transactions from the hack were executed via Liminal’s infrastructure, using three signatures from WazirX and one from Liminal. This points to a possible flaw in Liminal’s security measures. The exchange stated that the Liminal MPC wallet, designed to block withdrawals to unauthorized addresses, did not function as intended.
The post Google’s Mandiant Debunks Laptop Compromise Claims in WazirX $234M Breach appeared first on Cryptonews.