Nearly 438 bitcoins worth over Rs 20 crore were stolen from a top exchange firm in India in what is being billed as the biggest cryptocurrency theft in the country so far.
Coinsecure, the Delhi-based cryptocurrency exchange, has filed an FIR with the cyber cell accusing its CSO, Amitabh Saxena, of siphoning off the money from the firm's wallet, ET's Nilesh Christopher reported. The exchange has urged the government to seize Saxena's passport, fearing that he may leave the country. A case has been registered under IPC sections and Section 66 of the IT Act.
What exactly happened?
The exchange, which has over two lakh users across the country, found that all the bitcoins that were stored offline had vanished. It was later found that the private keys — the password that is kept by the company and is stored offline — were leaked online, leading to the hack.
The company tried to trace the hackers, but found that all the data logs of the affected wallets had been erased, leaving no trails about where the bitcoins were transferred. The website of the company has since then remained shut.
On Thursday night, the company confirmed the hack to their users through a message posted on the website.
“We regret to inform you that our bitcoin funds have been exposed and seem to have been siphoned out to an address that is outside our control. Our system itself has never been compromised or hacked, and the current issue points towards losses caused during an exercise to extract bitcoins to distribute to our customers,” the company stated.
The company’s founder and CEO Mohit Kalra told TOI that he suspects an insider’s hand in this.
“Private keys should have never been exported online. It looks like a crime committed intentionally. We have shared our suspicions with the Cyber Cell, and contacted specialists to find out the source of the hack and trace the bitcoins,” Kalra said, adding that even if funds are not recovered, his company is willing to pay from its own pocket to compensate its customers.
Police said that the company’s servers have been seized to ascertain the extent of the system breach. It is also being checked if more wallets have been compromised. The senior security officials of the company have also been called in for questioning.
Cyber security experts said that the private keys – the password that is kept by the company is never connected to an online system. But police found that not only were the private keys online, they were kept like that for more than 12 hours. Police are also checking if malware infection led to the hack.
The company issued a letter to its users regarding the same:
Dear Users,
We regret to inform you that our Bitcoin funds have been exposed and seem to have been siphoned out to an address that is outside our control.
Our system itself has never been compromised or hacked, and the current issue points towards losses caused during an exercise to extract BTG to distribute to our Our CSO, Dr. Amitabh Saxena, was extracting BTG and he claims that funds have been lost in the process during the extraction of the private keys.
An FIR has been lodged with the Cyber Cell, Delhi (copy of the complaint enclosed), and we have expert investigators already on the case.
We are working round the clock to restore services and to try and recover all of the lost funds, and we shall keep all our users posted on the outcome of the details to ensure utmost transparency. Coinsecure has always been a progressive company, and we have proven our commitment towards that. Our Android and iOS apps were recently launched, and we were at the cusp of moving into a multi-coin architecture before this incident.
We are hoping that as users of Coinsecure, you will stand by us in this hour of need by providing us with your help and support as we diligently work to ensure that all of our customers' funds are recovered and to leave no stone unturned. Irrespective of funds being recovered, we re-assure all our customers that you will be indemnified from our personal funds.
We again take this opportunity to thank you for your continued support and cooperation.
Warm Regards,
Team Coinsecure
No comments:
Post a Comment