Just days after the RBI announced its latest move to ring-fence banks from the risks associated with cryptocurrencies, popular cryptocurrency exchange Coinsecure reported that 438.318 bitcoins worth around Rs 19 crore had been stolen from its wallet. This might, in fact, be the country's biggest bitcoin theft.
According to media reports, the theft was exposed when users trading on the platform - which has over two lakh users across the country - complained that they were unable to access their funds in the last few days.
Delhi-based Coinsecure then posted an official notification on their website updating users of the situation. "We regret to inform you that our Bitcoin funds have been exposed and seem to have been siphoned out to an address that is outside our control," said the letter to the users, adding that, "Our system itself has never been compromised or hacked, and the current issue points towards losses caused during an exercise to extract BTG to distribute to our customers. Our CSO, Dr. Amitabh Saxena, was extracting BTG and he claims that funds have been lost in the process during the extraction of the private keys."
The company suspects an insider job. According to the FIR filed with the Cyber Cell, Delhi, on April 10, the user funds are securely kept in the company's bitcoin wallet, the private keys to which are held by Amitabh Saxena, Coinsecure's Chief Scientific Officer (CSO) and Mohit Kalra, the CEO.
For the uninitiated, bitcoins wallets are digital wallets and a user typically gets a public address and a private key to send/receive coins. According to Investopedia, the public address is where the funds are deposited and received. But even though a user has tokens deposited into his address, he won't be able to withdraw them without the unique private key, which is made up of 51 alphanumeric characters.
"As the private keys are kept with Dr. Amitabh Saxena, we feel that he is making a false story to divert our attention and he might have a role to play in this entire incident. The incident reported by Dr. Amitabh Saxena does not seem convincing to us," read the FIR. In light of the above, Coinsecure has requested authorities to seize the CSO's passport so that he cannot fly out of the country.
So what exactly happened? According to The Economic Times, the exchange found that all the bitcoins that were stored offline had vanished. It was later found that the private keys were leaked online, leading to the hack. The police reportedly found that the private keys were exposed online for more than 12 hours and are checking if a malware infection led to the hack.
The daily added that although the company tried to trace the hackers, it found that all the data logs of the affected wallets had been erased, leaving no clues about where the bitcoins were sent. Coinsecure's website has been shut ever since.
Thankfully, users don't have to worry about a hit to their bank balances. In its letter Coinsecure stated, "Irrespective of funds being recovered, we re-assure all our customers that you will be indemnified from our personal funds."