Indian crypto exchange Wazirx says cybersecurity firm Mandiant, a Google subsidiary, has confirmed that Wazirx team laptops were not compromised during the $230 million cyberattack. The exchange added that attention is now focused on custodian Liminal’s wallet infrastructure, and the investigation’s findings have been shared with law enforcement and other agencies to assist in recovering the stolen assets.
Wazirx Tells Users: Google's Mandiant Confirms No Breach on Laptops During Cyberattack
This article was published more than a year ago. Some information may no longer be current.
WRITTEN BY
SHARE
Hack Investigation Reaches Crucial Milestone, Says Wazirx
Indian cryptocurrency exchange Wazirx announced on Monday that it has reached “a crucial milestone” in its investigation of the recent cyberattack. The company revealed on social media platform X that cybersecurity firm Mandiant, a Google subsidiary, has verified the security of the laptops used by Wazirx team members during the breach.
The crypto exchange stated:
Mandiant, a leading cybersecurity firm and Google subsidiary, has confirmed that the laptops used by Wazirx team members during the recent $230M cyberattack were not compromised.
This announcement followed weeks of analysis after the theft of over Rs 2,000 crores ($230 million) in digital assets from one of Wazirx’s multisig wallets. Wazirx noted that the findings “have been shared with law enforcement and other investigative agencies to aid in the recovery of stolen assets.”
According to the exchange, Mandiant submitted its report on Aug. 14, finding no signs of compromise on the three laptops used by Wazirx for signing transactions. Wazirx noted that the investigation is now focusing on the wallet infrastructure managed by custodian Liminal. The crypto exchange noted that Mandiant’s report stated: “We did not identify evidence of compromise on the three laptops that were used for signing transactions.”
Wazirx co-founder Nischal Shetty explained on X that the exchange engaged Mandiant to conduct a comprehensive forensic analysis of three laptops involved in the signing process because Liminal blamed Wazirx laptops for the cyberattack without providing any evidence. “This Mandiant report should put to rest any fingers pointing at Wazirx for wrongdoing or maliciousness. Wazirx followed industry best practices, and the report proves that there was no compromise on Wazirx’s side,” Shetty stressed.
He also mentioned that Wazirx is still waiting for answers from Liminal on several critical issues, including the cause and extent of the breach, the possibility of insider involvement, how their website displayed a genuine transaction while sending an incorrect payload for signing, why the firewall permitted a transaction to a non-whitelisted address, and how the malicious transaction was signed and approved. The co-founder added:
In parallel, we’ve been working on the resolution to INR and crypto assets on the platform.
Liminal has maintained that the breach did not occur on their side. In a statement to Bitcoin News last week, the firm explained that the client uses their self-custody wallet infrastructure software, which grants the client full access to all wallets and funds at all times, making them the sole initiators of all transactions. Liminal emphasized that clients also receive recovery and backup kits to ensure complete access to their wallets, even if Liminal ceases to exist, a standard feature of all self-custodial wallet products.
Meanwhile, Wazirx users are increasingly concerned about their inability to access funds due to ongoing withdrawal freezes. They are demanding that the exchange stop blaming others and restore access to their money.
What are your thoughts on Mandiant’s findings and Wazirx’s efforts to recover from this cyberattack? Let us know in the comments section below.
