Liminal responds to chargesheet; provides investigation details on WazirX hack
Liminal Custody on Thursday issued a statement regarding the chargesheet filed on the initial investigation conducted by the Intelligence Fusion and Strategic Operations (IFSO) of Delhi Police on the $234 million WazirX hack, refuting non-compliance from its end.
The chargesheet detailed that on August 14, the authorities sent a notice to First Answer India Pvt Ltd (Liminal) regarding the WazirX hack, which happened in July, as part of the ongoing investigation.
Liminal responded to the notice on August 20. However, after analysing the response, the investigator noted that the company had not provided any details regarding the alleged incident.
The authorities sent a notice again to Liminal on September 27, which it responded to on October 1, but did not provide the data or logs of the date when the hack happened.
According to the chargesheet, these logs and data were required to establish whether the offence occurred due to hacking or any insider/official of Liminal company being involved in the cyberattack.
In response, Liminal said, “We would like to clarify that Liminal has not only submitted their reply to the authorities, but has also officially met with IFSO officials to help them with our best efforts despite the territorial limitations of data sharing. We have no indication of non cooperation from the authorities and we continue to engage proactively and to provide our support to address this matter with transparency and responsibility. It is important to emphasize that despite what the media report might insinuate, the investigations with all parties are still ongoing and it is extremely premature to arrive at any conclusions at this stage.”
Liminal is a third-party custody solutions provider, whose services were used by WazirX to help secure its cold wallet, a multi-signature wallet.
“Liminal’s dedication to regulatory compliance and transparent operation remains a cornerstone of our business practices. We will continue to collaborate fully with relevant authorities while adhering to all legal and jurisdictional requirements governing our operations in India, Singapore and other territories globally,” the company added.
WazirX replenishes its hot wallets by transferring funds from its cold wallets when balances run low. Hot wallets are connected to the internet and enable quick transactions, while cold wallets are stored offline and provide greater security.
The hacker exploited this system by withdrawing and draining large amounts of GALA tokens from the hot wallet, leading the company to top up its GALA balance—an Ethereum-based token—by leveraging funds from its cold wallets.
The multi-signature wallets of WazirX had six signatories, five from the company and one from Liminal. Any transaction from its multi-signature wallet required approval from three of the company’s signatories, followed by a final authorisation from Liminal.
The chargesheet also reported that in August, the Delhi Police had arrested one individual from Medinipur, West Bengal, for his involvement in the hack, YourStory had exclusively reported on the matter.