WazirX Hacking Incident Analysis
2024-10-10 • Cobo
Cobo analyzes the July 2024 WazirX incident as a Safe multisig compromise that let attackers transfer about $230 million in assets from an Indian exchange wallet. The wallet used a four-of-six approval model, with five WazirX hardware-wallet signers and one Liminal Custody HSM key, but attackers obtained three WazirX signatures for what users believed were normal GALA and USDT transfers. The signed data instead authorized a malicious smart contract upgrade, and Liminal's final signature allowed the upgrade transaction to reach the blockchain. Cobo assesses that the most likely failure involved transaction display manipulation through man-in-the-middle, XSS, or another interface-level exploit, combined with insufficient Liminal risk controls and signer reliance on the platform display rather than hardware-wallet transaction details.
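The gap described above, where signers approved what the interface displayed rather than the data actually being signed, can be narrowed by checking the raw Safe transaction against the intended token transfer on a path independent of the web interface. This is an added example, not code from Cobo, WazirX or Liminal; the field names follow Safe's transaction format (`to`, `value`, `data`, `operation`), and the addresses, amount and `check_transfer_intent` helper are constructed for illustration.

```python
# Added example: compare the raw Safe transaction a signer is asked to approve
# with the transfer the signer intends. All sample values are constructed.

TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # ERC-20 transfer(address,uint256)
OP_CALL = 0  # Safe "operation" field: 0 = CALL, 1 = DELEGATECALL


def check_transfer_intent(safe_tx, intent):
    """Return a list of mismatches; an empty list means the payload is the intended transfer."""
    problems = []
    if safe_tx["operation"] != OP_CALL:
        problems.append("operation is not CALL")
    if safe_tx["to"].lower() != intent["token"].lower():
        problems.append("target is not the expected token contract")
    if safe_tx["value"] != 0:
        problems.append("unexpected native value")
    try:
        data = bytes.fromhex(safe_tx["data"][2:])  # assumes a 0x-prefixed hex string
    except ValueError:
        return problems + ["calldata is not valid hex"]
    # transfer(address,uint256) is exactly 4 selector bytes + two 32-byte words
    if len(data) != 68 or data[:4] != TRANSFER_SELECTOR:
        return problems + ["calldata is not transfer(address,uint256)"]
    if data[4:16] != bytes(12):
        problems.append("recipient word has non-zero padding")
    if data[16:36].hex() != intent["recipient"].lower()[2:]:
        problems.append("recipient mismatch")
    if int.from_bytes(data[36:68], "big") != intent["amount"]:
        problems.append("amount mismatch")
    return problems


# Constructed sample data (not taken from the incident)
TOKEN = "0x" + "11" * 20
RECIPIENT = "0x" + "22" * 20
AMOUNT = 5_000_000
INTENT = {"token": TOKEN, "recipient": RECIPIENT, "amount": AMOUNT}

# Payload that really is the intended token transfer
GOOD_TX = {"to": TOKEN, "value": 0, "operation": 0,
           "data": "0x" + "a9059cbb" + "00" * 12 + "22" * 20 + AMOUNT.to_bytes(32, "big").hex()}

# Payload presented as a transfer whose signed fields say otherwise
BAD_TX = {"to": "0x" + "33" * 20, "value": 0, "operation": 1,
          "data": "0x" + "deadbeef" + "00" * 32}

if __name__ == "__main__":
    print("good:", check_transfer_intent(GOOD_TX, INTENT))
    print("bad: ", check_transfer_intent(BAD_TX, INTENT))
```

Any non-empty result means the payload does not match the intended token transfer and should not be signed.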