Bitcoin 
Ethereum 
Tether 
BNB 
XRP 
USDC 
TRON 
Lido Staked Ether 
Dogecoin 
Figure Heloc 
Cardano 
Monero 
Wrapped stETH 
Bitcoin Cash 
WhiteBIT Coin 
Wrapped Bitcoin 
Wrapped Beacon ETH 
Wrapped eETH 
USDS 
Chainlink 
Binance Bridged USDT (BNB Smart Chain) 
LEO Token 
WETH 
Stellar 
Coinbase Wrapped BTC 
Sui 
Zcash 
Ethena USDe 
Avalanche 
Litecoin 
Hyperliquid 
Canton 
Shiba Inu 
Hedera 
World Liberty Financial 
USDT0 
sUSDS 
Dai 
Toncoin 
Cronos 
Ethena Staked USDe 
PayPal USD 
USD1 
Polkadot 
Uniswap 
Mantle 
Rain 
MemeCore 
Bittensor 
Aave 
Bitget Token 
Pepe 
Tether Gold 
OKB 
NEAR Protocol 
Falcon USD 
Jito Staked SOL 
Ethereum Classic 
Binance-Peg WETH 
PAX Gold 
Internet Computer 
Ethena 
BlackRock USD Institutional Digital Liquidity Fund 
Pi Network 
Aster 
Wrapped SOL 
POL (ex-MATIC) 
Jupiter Perpetuals Liquidity Provider Token 
HTX DAO 
Binance Staked SOL 
Worldcoin 
Circle USYC 
Global Dollar 
Pump.fun 
KuCoin 
syrupUSDC 
Ripple USD 
Aptos 
Provenance Blockchain 
Sky 
Wrapped BNB 
BFUSD 
Rocket Pool ETH 
Binance Bridged USDC (BNB Smart Chain) 
Kaspa 
Cosmos Hub 
Ondo 
Render 
MYX Finance 
Gate 
Arbitrum 
Algorand 
Kelp DAO Restaked ETH 
Midnight 
Filecoin 
Official Trump 
Story 
Quant 
Bridged Wrapped Lido Staked Ether (Scroll) 
Lombard Staked BTC 
Function FBTC 
VeChain 
Solv Protocol BTC 
NEXO 
Flare 
Bonk 
USDD 
XDC Network 
Janus Henderson Anemoy AAA CLO Fund 
Mantle Staked Ether 
Liquid Staked ETH 
USDtb 
OUSG 
Superstate Short Duration U.S. Government Securities Fund (USTB) 
Sei 
WrappedM by M^0 
Polygon Bridged USDC (Polygon PoS) 
Pudgy Penguins 
Arbitrum Bridged WBTC (Arbitrum One) 
clBTC 
Morpho 
Stacks 
Renzo Restaked ETH 
Jupiter Staked SOL 
Ondo US Dollar Yield 
Beldex 
Jupiter 
PancakeSwap 
USDai 
Artificial Superintelligence Alliance 
syrupUSDT 
Wrapped Flare 
StakeWise Staked ETH 
Virtuals Protocol 
L2 Standard Bridged WETH (Base) 
Polygon PoS Bridged DAI (Polygon POS) 
Optimism 
Tezos 
Dash 
Curve DAO 
Spiko EU T-Bills Money Market Fund 
Arbitrum Bridged WETH (Arbitrum One) 
Kinetiq Staked HYPE 
Chiliz 
SPX6900 
tBTC 
Usual USD 
Lighter 
Lido DAO 
Injective 
Aerodrome Finance 
GTETH 
GHO 
FLOKI 
First Digital USD 
TrueUSD 
Ether.fi 
Marinade Staked SOL 
Celestia 
Fasttoken 
Ether.Fi Liquid ETH 
Maple Finance 
Steakhouse USDC Morpho Vault 
Stader ETHx 
The Graph 
Coinbase Wrapped Staked ETH 
River 
JasmyCoin 
AB 
Wrapped ApeCoin 
sBTC 
BitTorrent 
Staked Aave 
Starknet 
USDB 
DoubleZero 
IOTA 
JUST 
Sun Token 
Ethereum Name Service 
Conflux 
Bitcoin SV 
Wrapped STX (Velar) 
Onyxcoin 
Pyth Network 
Fartcoin 
Gnosis 
dogwifhat 
Pendle 
AINFT 
Trust Wallet 
c8ntinuum 
crvUSD 
Kaia 
Cap USD 
Avalanche Bridged BTC (Avalanche) 
Binance-Peg Dogecoin 
EURC 
Telcoin 
Kinesis Gold 
WazirX said its preliminary investigation found no evidence indicating that the machines of WazirX signers were compromised during a recent sophisticated cyber attack on its multi-signature Ethereum wallet, according to a July 25 blog post,
The attack, which occurred earlier this month, has prompted significant concern and scrutiny within the crypto community. The exchange initially said the hack occurred due to an issue with its custody service provider, Liminal’s user interface.
However, Liminal said in its July 19 investigation report its infrastructure was not responsible for the hack and that compromised hardware wallets were the most likely cause.
WazirX investigation
WazirX emphasized that its ongoing forensic analysis has not uncovered any signs of malware or tampering on their signers’ devices. The attacked wallet required the signatures of three WazirX signers and one from Liminal, a custody service provider.
The malicious transactions were signed using devices at different locations, each accessing the legitimate Liminal website. The hardware wallets, crucial in securing transactions, did not detect any new connection requests, indicating the website used was authentic.
Despite the rigorous security measures in place, the attack involved legitimate signatures. The exchange believes this points to a potential breach within Liminal’s system. Furthermore, it said that even if the hardware wallets were compromised, Liminal’s fourth signature was the final “line of defense.”
WazirX outlined two possible scenarios that could explain the breach:
- Breach within Liminal’s Infrastructure: Malicious transactions were received directly from Liminal due to a potential compromise of their system. This scenario is currently considered more likely due to the absence of new connection requests to hardware wallets and the use of whitelisted addresses.
- Compromise of WazirX Signers’ Devices: This scenario involves malware infecting the devices of WazirX signers, although no preliminary evidence has been found to support this. It would also require a breach of Liminal’s firewall to obtain the final signature.
The exchange emphasized that the malicious transactions did not originate from WazirX servers, which points to a potential breach of Liminal’s security.
The hack
The India-based crypto exchange suffered the catastrophic hack on July 18. The attacker stole roughly 45% of the crypto it held, forcing it to halt operations. WazirX said that the hack only affected its multi-sig wallet and assured users that their fiat currency deposits remained safe.
The exchange said it is working with all relevant authorities and plans to resume services once a viable solution is found. It’s currently discussing possible partnerships that would allow it to make customers whole.
Cybersecurity experts have suggested the involvement of the notorious North Korean Lazarus Group, known for its advanced cyber attacks on financial institutions and crypto exchanges.
The incident highlights the evolving challenges of securing multi-signature wallets, particularly the risks associated with “blind signing,” where hardware wallets do not display transaction details.
WazirX said it had implemented industry-standard best practices, including verifying website URLs, using reputable platforms, and employing multi-factor authentication.
