Two months after hackers managed to steal over $230 million from India-based crypto exchange WazirX, the status of customer funds remains in doubt as the exchange and its custody provider, Liminal, continue to play the blame game.
Both firms continue to accuse the other of being at fault for the breach that allowed the hacker to steal customer funds, and there appears to be no resolution in sight, especially with internal investigations seemingly moving ahead at a snail’s pace.
Most recently, the firm faced legal threats from its customers, with the most notable pursuant being another rival exchange, CoinSwitch. The company initiated legal action against Wazir to recover 2% of its funds worth approximately $6.2 million.
Thus, to gain injunctive relief, the exchange filed a moratorium application to obtain a 30-day extension for its internal investigation efforts.
However, as part of a recent affidavit, it was revealed that only 441 users — translating to approximately 0.02% of WazirX’s two million strong monthly user base — supported the appeal, which WazirX’s majority stakeholder, Zettai, filed. Despite the meager backing, the moratorium was passed on Sept. 13.
Despite its ongoing fund recovery efforts, WazirX recently said 43% of customer funds are irrevocably lost.
Liminal and WazirX try to wash their hands
To help clear its name and showcase that its digital infrastructure had not been compromised during the hack, Liminal announced on Sept. 9 that it had undergone an independent audit by multinational professional services firm Grant Thornton.
The audit found that Liminal did not find any evidence of the cyberattack originating from Liminal’s web apps or its back-end and front-end structures.
Recent: Venezuela opposition’s Bitcoin reserve plan must overcome political turmoil first
Liminal stated that while its preliminary reports identified a mismatch between the data shared by the firm and the payload received from the client’s systems, the audit report affirmed that the custody provider had nothing to do with the lost funds.
“We now have multiple reviews which conclude that Liminal’s front end, back end and UI [user interface] are found with no evidence of any compromise or vulnerabilities related to the transaction workflow,” a Liminal spokesperson stated.
Around the same time, WazirX also enlisted the services of Google subsidiary Mandiant. Their findings confirmed that WazirX’s Laptops were not compromised during the attack, an assertion that had been widely circulating on the internet following the attack.
Bartosz Barwikowski, a security expert for blockchain auditing firm Hacken, told Cointelegraph that without insider information, knowing the exact attack methods is impossible. He added:
“It’s possible that the root cause of the security breach has already been identified internally but is being withheld due to the ongoing criminal investigation, or the attacker was able to do it without leaving any trace in their system, complicating the detection process.”
Given the significance of the hack, he further noted that it is likely that government agencies are now involved and are trying to keep the investigation confidential, contributing to the apparent lack of breakthroughs.
Yongjin Kim, the CEO of Asian derivatives trading platform Flipster, told Cointelegraph that while details about the incident remain limited, he believes the attacker was able to replace the payload during the signing process.
“Simply splitting keys and using a multisignature policy doesn’t ensure complete safety. Additional security layers are essential to protect funds. It’s also crucial to secure all internal devices, particularly those involved in the signing process, and to enforce strict internal employee controls,” Kim stated.
Utkarsh Tiwari, chief strategy officer for Indian exchange KoinBX, believes that Grant Thornton and Mandiant’s reports could be addressing different facets of the incident.
“It’s possible that WazirX’s systems weren’t directly hacked, but the vulnerability lay elsewhere, potentially in third-party integrations, user-end vulnerabilities or even internal errors,” he told Cointelegraph.
Binance responds to WazirX’s claims of financial accountability
Following the hack, WazirX claimed that Binance was responsible for repaying its creditors as it had allegedly acquired WazirX.
Binance denied any such acquisition, stating on Sept. 17 that it “never acquired or controlled WazirX. While a contract had been signed between the parties, the proposed transaction never closed.”
Binance further emphasized that it has never been involved in the day-to-day operations of the Indian exchange.
“The WazirX team and Nischal Shetty continue to mislead WazirX customers and the market regarding the relationship between WazirX and Binance,” the company wrote.
Binance said that WazirX is owned by Zanmai Labs, which is registered with the Indian Financial Intelligence Unit.
A closer examination of WazirX’s corporate structure shows that Zanmai is a subsidiary of Zettai Pte, a limited liability company registered in Singapore.
Nischal Shetty, WazirX’s CEO, has a sizable stake in both companies. The structure separates corporate and personal assets, allowing him to potentially shield his personal funds from any liabilities.
WazirX has also cited an alleged ownership dispute between Zanmai Labs and its parent company, Zettai Pte, as a barrier to restructuring its Indian operations. Binance, however, dismissed these claims as a deceptive strategy to avoid accountability for the exchange’s shortcomings.
Stolen funds continue to move amid recovery efforts
On Sept. 9, asset data tracked by Arkham revealed that more than 5,000 Ether (ETH) worth around $11.6 million was moved by the hacker to a new address at 7:19 am UTC.
Of this amount, $1.2 million worth of crypto was sent to the infamous crypto mixing platform Tornado Cash as part of five different transfers.
Related: Full decentralization will happen in a few years — Layer-2 rollup teams
Tornado Cash enables anonymous token exchanges across blockchains by obscuring wallet addresses. While not inherently malicious, it is frequently utilized by crypto thieves to conceal their identities and the origins of their stolen funds.
The transfer came after the hacker moved $4 million a week earlier. The hacker’s main address still holds over $72 million worth of various tokens, with a majority of their stake maintained in ETH.
WazirX declined Cointrelegraph’s request for comment.