Compromised WazirX devices provided "legit transaction details" to Liminal’s network, allowing the attacker to drain the exchange’s funds, the MPC provider claimed.
Multi-party computation (MPC) wallet provider Liminal released a July 19 post-mortem report on the WazirX hack from the previous day, claiming that its UI was not responsible for the attack. According to the report, the hack occurred because three WazirX devices were compromised.
Liminal also claimed that its multi-signature wallet was set up to provide a fourth signature if WazirX provided the other three. This meant the attacker only needed to compromise three devices to perform the attack. The wallet was set up this way at the behest of WazirX, the wallet provider claimed.
In a July 18 social media post, WazirX claimed that its private keys were secured with hardware wallets. WazirX said the attack “stemmed from a discrepancy between the data displayed on Liminal's interface and the transaction's actual contents.”