Key Takeaways
- Liminal Custody has denied responsibility for the hack and accused WazirX of spreading misinformation.
- Liminal clarified that of the 240,000 crypto wallets WazirX manages, only a small fraction used Liminal’s infrastructure
A major blame game has ensued between WazirX, one of India’s leading crypto exchanges, and its custody partner Liminal following a July cyberattack that led to the loss of $235 million in user assets. The hack, which took place on July 18, 2023, targeted WazirX’s Ethereum wallets, with the exchange subsequently losing 45% of its assets.
In August, WazirX blamed Liminal Custody for the breach and terminated their contract. Liminal, a platform providing custody and wallet infrastructure, has now fired back, stating on October 22, 2023, denying responsibility for the hack and accused WazirX of spreading misinformation.
In its announcement, Liminal stated that of the 240,000 crypto wallets WazirX manages, only a small fraction used Liminal’s infrastructure, and the exchange had not utilized all of the services that could have provided additional protection. “Out of the 240,000 wallets, only a handful were managed through our platform before the hack,” Liminal stated. They also highlighted that WazirX was still using its services even after the cyberattack.
“Seventy-five days after the breach, WazirX still held over $175 million in assets on Liminal’s platform. As of today, $50 million remains in wallets accessed through our infrastructure,” Liminal said. They emphasized that only WazirX had the ability to initiate transactions, and Liminal had no control over moving funds.
The conflict deepened when WazirX, under court orders, disclosed the addresses of around 240,000 wallets in mid-October as part of a debt restructuring process overseen by Singapore’s courts.
WazirX’s parent company, Zettai Pte, filed for a four-month moratorium in Singapore to protect itself from legal action while it works on restructuring its crypto liabilities. However, Liminal criticized this disclosure, accusing WazirX of attempting to mislead users and authorities about the nature of the hack and its aftermath.
Further complicating matters, CoinSwitch co-founder Ashish Singhal accused WazirX of moving over $73 million in user assets to global exchanges KuCoin and Bybit shortly after the hack. Singhal claimed that $72.12 million went to Bybit and an additional $1.5 million to KuCoin, raising concerns about WazirX’s handling of user funds.
WazirX co-founder Nischal Shetty acknowledged that some user funds were indeed transferred to third-party exchanges. He explained that the company was facing challenges in finding a suitable custodian for all their tokens, leading them to use third-party platforms temporarily while they worked on finalizing their Proof-of-Reserve (POR) process.