Late yesterday, Indian cryptocurrency exchange Coinsecure (which now seems like an ironic name) announced that the exchange had lost of some of its bitcoins during an exercize to distribute BTG to its customers. In a letter posted on the homepage of its website, Coinsecure says that its system has never been hacked and instead laid the blame solely on its chief security officer (CSO), Dr. Amitabh Saxena.
It also posted a scanned copy of a letter of complaint about the CSO to the police. The letter states that the exchange was notified, on 9 April 2018, by the CSO that 438.318 bitcoins (according to CryptoCompare, worth around $3.5 million at press time) had been stolen from the firm’s bitcoin wallet “due to some attack”.
Here are these two images:
As you can see from the letter of complaint to the cybercrime division of New Dehli Police, Mohit Calra, the CEO of Coinsecure, is saying that only he and the CSO had access to the bitcoin wallet’s private keys, and that the police should seize the CSO’s passport to stop him from being able to flee the country.
Although Coinsecure is telling its users that it was not hacked, details provided on a report by The Times Of India (TOI), suggests that private keys were leaked online, which allowed hackers to steal these bitcoins. In an interview with the TOI, the CEO said that:
Private keys should have never been exported online. It looks like a crime committed intentionally. We have shared our suspicions with the Cyber Cell, and contacted specialists to find out the source of the hack and trace the bitcoins.
He added that if the bitcoin funds are not recovered, Coinsecure is willing to pay from its own pocket to compensate its customers.
According to TOI, the police have seized the firm’s servers and are examining them to find out if more wallets have been compromised and also to find out if a malware infection could be responsible for what happened.
We will update you as the story develops.