Liminal cleared by independent security audit after WazirX breach, no vulnerabilities found

Sep 09,2024

Leading global auditor Grant Thornton has confirmed the security of Liminal’s infrastructure following a comprehensive review conducted in response to WazirX’s July 18 hack .

The hack, which targeted WazirX’s systems, prompted Liminal to launch an internal investigation and engage independent auditors to assess potential vulnerabilities within its own platform. The firm reaffirmed that its systems were not compromised in the hack.

Liminal cleared

The Grant Thornton audit, part of Liminal’s broader investigation into the incident, found no evidence of compromise in its frontend, backend, or user interface (UI).

The platform, which offers self-custody wallet services where private keys remain with clients, was cleared of any vulnerabilities related to the breach. The third-party audit provided further assurance that Liminal’s systems remained secure throughout the incident, which led to losses of over $235 million.

Liminal had launched its own internal investigation immediately after the hack, which involved a thorough examination of discrepancies in data payloads between its system and WazirX.

Liminal stated that its self-custody wallet infrastructure — designed so that private keys and transaction initiations remain with the client — was not vulnerable to the type of attack that occurred at WazirX.

Liminal said its findings suggest that the breach likely occurred within WazirX’s infrastructure. It added that discrepancies between data payloads from both sides further point to external factors as the source of the compromise. The exchange had previously claimed the vulnerability may have potentially originated from Liminal’s infrastructure.

Further steps

Liminal also emphasized its commitment to security and transparency, promising to continue its investigation and provide updates to clients and users as more information becomes available.

It stated:

“Our focus on security and transparency is unwavering, and we are further strengthening our security measures in light of this incident.”

While Liminal’s systems were cleared in the audit, the company said it is reinforcing its security measures as a precautionary step. It also noted that all transactions in its self-custody wallets are initiated by clients, further reducing the risk of internal breaches.