Liminal says the WazirX incident affected a single imported Gnosis SAFE smart contract wallet rather than Liminal-hosted wallet infrastructure. Its investigation attributes the attack path to three compromised WazirX signer devices that injected malicious payloads into otherwise legitimate GALA and USDT transaction attempts, exposing signatures for later attacker use. The report states that Liminal rejected the mismatched transactions, but the attacker had already obtained the signatures through the compromised client-side machines. Liminal frames the event as a targeted attack on one WazirX 4-of-6 multisig wallet and says other WazirX SAFE wallets deployed fully inside its platform remained secure.