lazarusholic

WazirX hacked but Liminal is to blame?

2024-07-27, MuditGupta
https://mudit.blog/wazirx-liminal-hacked-by-north-koreans/
#WazirX #Cryptocurrency

Contents

On 18 July 2024, WazirX’s multisig wallet was compromised and cryptocurrencies worth around $230 million (~₹2,000 crore) were stolen.
How could that happen? The short answer is that both WazirX and their custody service provider, Liminal, messed up. Let’s dive into it, starting with how the wallet was set up.
The wallet
The exploited wallet was a 4/6 multisig. This means that at least 4 out of the 6 signers had to approve every transaction. Five of the six signers were from WazirX, and the sixth was from Liminal. To execute a transaction, 3 WazirX signers first approve it. Then, Liminal checks if the transaction meets WazirX’s policies before giving the final approval and executing the transaction.
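The approval flow described above, modelled in Python as an added example (not code from the original post, WazirX or Liminal). The signer labels, the `Tx` fields and the allowlist/cap policy are assumptions made for illustration; the point is that the custodian's signature is the only policy gate in the flow, so it has to judge what a transaction does, not just where it goes.

```python
from dataclasses import dataclass

# Signer set from the article: five client (WazirX) keys, one custodian (Liminal) key.
CLIENT_SIGNERS = frozenset(f"wazirx-{i}" for i in range(1, 6))  # constructed labels
THRESHOLD = 4       # 4-of-6 multisig
CLIENT_QUORUM = 3   # client approvals collected before the custodian reviews

# Hypothetical policy: plain transfers only, to allowlisted destinations, under a cap.
ALLOWED_DESTINATIONS = frozenset({"0xHOT_WALLET_PLACEHOLDER"})
MAX_AMOUNT = 1_000


@dataclass(frozen=True)
class Tx:
    kind: str          # "transfer" or "upgrade" (constructed categories)
    destination: str
    amount: int


def policy_violations(tx):
    """Reasons the custodian must withhold its signature (empty list = compliant)."""
    reasons = []
    if tx.kind != "transfer":
        reasons.append(f"kind {tx.kind!r} is not a plain transfer")
    if tx.destination not in ALLOWED_DESTINATIONS:
        reasons.append("destination not allowlisted")
    if tx.amount > MAX_AMOUNT:
        reasons.append("amount above cap")
    return reasons


def authorize(tx, client_approvals):
    """Return (executed, reasons) for the 3-client-then-custodian flow."""
    # Duplicate approvals and keys outside the signer set do not count.
    clients = set(client_approvals) & CLIENT_SIGNERS
    if len(clients) < CLIENT_QUORUM:
        return False, [f"{len(clients)} valid client approvals, need {CLIENT_QUORUM}"]
    reasons = policy_violations(tx)
    if reasons:
        return False, reasons  # custodian refuses, threshold is never reached
    # Custodian adds the final signature: 3 client + 1 custodian = 4 of 6.
    return len(clients) + 1 >= THRESHOLD, []


if __name__ == "__main__":
    three = ["wazirx-1", "wazirx-2", "wazirx-3"]
    print(authorize(Tx("transfer", "0xHOT_WALLET_PLACEHOLDER", 10), three))
    print(authorize(Tx("upgrade", "0xNEW_IMPLEMENTATION_PLACEHOLDER", 0), three))
```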
The hack
The attackers managed to upgrade the multisig (multi-signature) wallet to a malicious version, allowing them to steal all the funds. This upgrade required signatures from three WazirX signers and one Liminal signer. Interestingly, instead of …