Nearly 438 coins valued at Rs 19 crore have been swindled off. Surprisingly no guns were used in this loot. Like physical robbers mask their identities, this heist at Coinsecure, one of India's largest crypto-currency trading platform, saw hackers gaining access to so-called secure wallets and leaving away without any trace of their IP addresses.
The homepage of Coinsecure.in has been stickered with a letter to users explaining that the company was trying to recover funds and that users will be "indemnified from our personal funds."
Mohit Kalra, the CEO and founder of Coinsecure in his letter to the Delhi Cyber Crime Cell suspected the involvement of Dr. Amitabh Saxena, the Chief Security Officer at Coinsecure.
The letter reads, "the private keys are kept with Dr. Amitabh Saxena, we feel that he is making a false story to divert our attention and he might have a role to play in this entire incident..."
"The incident reported by Dr Amitabh Saxena, we feel that he is making a false story to divert our attention and he might have a role t play in this entire incident."
"Dr. Amitabh Saxena also has an Indian passport and he might fly out of the country soon, therefore, his passport should be seized so he can not fly out of the country."
The Cyber Crime Cell has registered the complaint and a formal investigation has been commenced. The investigation team found that the hackers had left no trail of their IP addresses, making it further difficult to reveal identities. The private keys, a security password that restricts unauthorised access to a wallet was publicly made available. Only two people had knowledge of the private key- Mohit Kalra the Founder and Dr Amitabh Saxena, the CSO.
The three year old bitcoin exchange immediately plastered its website with a regret message. It reads, "We regret to inform you that our bitcoin funds have been exposed and seem to have been siphoned out to an address that is outside our control. Our system itself has never been compromised or hacked, and the current issue points towards losses caused during an exercise to extract bitcoins to distribute to our customers."
Kalra was further quoted saying in news reports that besides the police complaint, he had also reached out to cyber crime experts to trace the bitcoins. The crime according to him may have been committed intentionally since the private keys were shared online. The system on which the private keys were stored was connected online. The investigators switched off Coinsecure's servers and are yet to rule out the possibility of a malware attack. The company's other wallets are also being scrutinized to check if they too were compromised.
The heist at one among India's top three crypto-currency platforms at a time when banks have been shying from processing crypto after a note by the Reserve Bank of India, further only raises eyebrows.