Liminal Cleared, Mystery Deepens in WazirX Crypto Hack Saga

The ongoing dispute between WazirX and Liminal Custody took another turn after Liminal’s latest response to claims following the July 18, 2024, hack, where over $230 million in crypto assets were stolen. While WazirX’s audit, conducted by Mandiant, found no compromise in WazirX’s systems, Liminal quickly defended itself, questioning the audit’s scope and raising concerns about the attack’s origins. Both sides have since been at odds, with WazirX implying that Liminal’s custody systems may have been compromised.

Liminal’s Press Release Clears Its Infrastructure

In an exclusive communication with Cryptonews, Liminal released a statement based on the findings of a comprehensive audit conducted by Grant Thornton, one of the top-ranked global auditing firms. Liminal stated, “Grant Thornton… concluded that there was no evidence that the attack originated on Liminal’s Web Application.” Liminal further clarified that its “frontend, backend, and user interface (UI) are found with no evidence of any compromise or vulnerabilities,” shifting focus away from its own infrastructure as the cause of the breach.

Additionally, Liminal highlighted that it cannot initiate transactions, as its self-custody wallet infrastructure means “a majority of the private keys… remain with our clients,” including WazirX. Liminal also emphasized that the audit report confirms the incident likely originated outside of its control, reaffirming the security of its systems.

If Not WazirX or Liminal, Then Who?

With both WazirX and Liminal stating that their systems were uncompromised, the question remains—where did the breach originate? The most popular explanation at least believed by the hack victims is that hasn’t been fully ruled out is the potential of an inside job within WazirX, or even a collaboration between entities within both companies. This theory gains credibility given the past connections between WazirX founder Nischal Shetty and Liminal founder Mahin Gupta, who both have ties to Pi42, another venture where Shetty is a co-founder, and Gupta served as an investor and advisor.

The coincidence of their involvement in multiple ventures raises suspicion, especially as evidence of these ties was recently removed from the Pi42 website. These connections continue to cast doubt on the entire situation, leaving many wondering if there could be more to the hack than has been disclosed so far.

While both Liminal and WazirX have issued press releases to defend their positions, neither has provided the full audit reports or detailed methodologies behind their claims. This lack of transparency fuels further speculation about the true origin of the attack. For users and stakeholders affected by the hack, it’s clear that only full disclosure of the investigation findings from both sides can provide much-needed clarity and restore trust in the platforms. Until then, the blame game continues, with no clear resolution in sight.