Grant Thornton’s review of Liminal’s infrastructure revealed no signs of any security breach within its frontend or backend systems, according to Liminal. Following a breach at Wazirx that resulted in the theft of over $230 million, internal and third-party investigations at Liminal identified a data discrepancy, though no security vulnerability was uncovered. The company emphasized that it lacks the capability to initiate transactions on behalf of clients, underscoring its security protocols.
Grant Thornton Confirms Liminal’s Systems Security, Company States
Liminal Custody announced on the social media platform X on Monday that leading auditor Grant Thornton had confirmed “the security of Liminal’s frontend and backend infrastructure.” The company noted that following the security incident at crypto exchange Wazirx, it had undertaken “extensive reviews to thoroughly examine the situation.” Wazirx has alleged that the breach originated within Liminal’s system.
In response to the July breach at Wazirx, Liminal launched an internal investigation and engaged third-party auditors to assess the security of its systems, the company detailed in a blog post. The inquiry uncovered “a mismatch between the data provided by Liminal and the payload received from the client’s systems,” raising questions about a possible compromise of its frontend systems. Grant Thornton’s assessment found that Liminal’s web application infrastructure, including its user interface (UI), displayed no vulnerabilities. Liminal reported:
Grant Thornton conducted a detailed assessment of Liminal’s infrastructure and have informed us that Liminal’s frontend and backend infrastructure is secure, with no evidence of any compromise or vulnerabilities related to the transaction workflow.
Liminal’s infrastructure supports self-custody wallets, where clients maintain control of their private keys. The company reiterated that it cannot perform transactions on behalf of clients, as actions are initiated exclusively by client systems. Liminal reaffirmed its commitment to strengthening security and transparency. “Based on these findings, it is more likely that the issue originated outside of Liminal’s systems and infrastructure,” the company emphasized, adding:
We reiterate that the product in question for this incident is our self-custody wallet infrastructure, wherein a majority of the private keys that control and operate the wallets remain with our clients on their infrastructure.
“In this product, Liminal can never initiate a transaction and all transactions always originate at our client’s end first,” the custodian firm stated.
Wazirx also maintained that its systems had not been compromised. In August, the exchange stated that cybersecurity firm Mandiant, a subsidiary of Google, had confirmed the security of the laptops used by Wazirx employees during the breach.
What do you think about Grant Thornton’s findings and Liminal’s response to the security incident at Wazirx? Let us know in the comments section below.
