by Nuno Menezes
Coinsecure, one of the most popular bitcoin exchanges in India, announced it had 438.3186 bitcoin (BTC) – around $3.6 million at current exchange rates – stolen from the company’s main wallet on Friday, April 13. To spice up the story even further, the exchange is accusing its own CSO, Dr. Amitabh Saxena, of the theft.
Mohit Kalra, the CEO of Coinsecure, accused his CSO of the theft. When the exchange announced the highjack, the company’s CEO declared he had strong suspicions that Coinsecure’s CSO was probably responsible for the incident as the evidence he pointed out suggested an inside job. Indrajeet Bhuyan, a prominent Indian security researcher, says that this is the first time such an incident has happened at an Indian bitcoin exchange.
According to Bleeping Computer, the exchange announced the robbery of just over 438 BTC on the morning of April 13, after posting two images on its webpage. One of the images contained a statement signed by the exchange team announcing the incident while the second image contained a scanned copy of a complaint made by Kalra filed with the New Delhi police.
The Company’s CSO is the Prime suspect
Kalra, who founded Coinsecure in 2014, immediately pointed the finger to the exchange’s CSO, but despite his accusations, there are still no certain pieces of evidence corroborating the CEO’s view.
Kalra wrote on the announcement:
“Our system itself has never been compromised or hacked, and the current issue points towards losses caused during an exercise to extract BTG [Bitcoin Gold] to distribute to our customers. Our CSO, Dr. Amitabh Saxena, was extracting BTG and he claims that funds have been lost in the process during the extraction of the private keys.”
The exchange’s CEO is now demanding that New Delhi police seizes Dr. Saxena’s passport as he believes he might be planning a runaway from the country very soon.
Following the police complaint, Dr. Saxena already came forth saying that he was not the culprit for the incident and blamed the theft on an attack made to the company’s bitcoin wallet. While Dr. Saxena declared his innocence, Kalra ensures that apart from him, Dr. Saxena was the only person with access to the wallet’s private keys.
No Signs of a Hack
Coinsecure’s CEO did not buy Dr. Saxena’s excuses and stressed that the former company employee had devised a false plot of a supposed attack on the exchange to divert his and the police’s attention. He says that aside from him, the only person able to reach the company main wallet was Dr. Saxena and that there is no sign of an attack.
The incident happens four days after the Reserve Bank of India (RBI) prohibited financial institutions and local banks from dealing in cryptocurrencies, causing a great deal of concerns among cryptocurrency enthusiasts in the country.
According to the Cyber Crime Cell Delhi Police, “In the absence of a legal framework, it is not advisable for citizens to deal with virtual currencies such as bitcoins. These currencies are normally used by criminals operating on the dark web or the hidden web. Legal, bonafide businesses do not normally use bitcoins. Therefore any request for business transaction in bitcoins should raise suspicious and should be avoided.”
Coinsecure Promises Customers a Refund
The Delhi-based exchange followed up for support from the community on Friday, April 13, 2018, asking for help to bring the culprits to justice with ten percent commision for the recovery of bitcoin. Coinsecure stated in their update after the heist that a total of 438.3186 BTC has been lost and moved to account 1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA.
On April 14, 2018, Coinsecure released further updates to provide customers with a sequence of events since the theft and promised customers a full refund of their lost balances.
The Indian cryptocurrency exchange’s recent update on April 14, 2018, mentions that any “INR funds [customers] have with…Coinsecure, are 100 percent safe.”
“Through the course of the investigation, should we be able to recover all of our BTC, all our customers’ BTC holdings will be refunded as per the balance they held with Coinsecure. However, if recovery of siphoned BTC is not possible, then we will apply the lock in rates as of the 9th of April, 2018. 10 percent of the Coin Holding Balance will be refunded in BTC and 90 percent will be returned in INR.”
While the exchange has not released further information concerning upcoming procedures, they are planning on coming back online and are waiting from the authorities to see how they can move forward.
Exchanges are a Weak Point
Coinsecure is not the only digital currency exchange to suffer security breaches that result in significant losses. In March 2018, $530 million was stolen from Coincheck, a Japanese cryptocurrency exchange that affected over 260,000 investors. Another heist of $400 million was stolen from Mt. Gox in 2014.
“Large-scale hacks are among the biggest risks faced today by the global crypto community,” said Henri Arslanian, a financial technology expert PwC. The Coinsecure theft is the latest in a recent series of thefts targeted at young and unregulated exchanges.
Contributions by Cindy Huynh.