Update note: The article has been updated after Cashaa released more information about the hack and loss of funds.
Cashaa has become the latest in a long line of cryptocurrency exchanges which has lost Crypto funds to an attack. 336 bitcoins were stolen from an OTC partner of the exchange on Friday afternoon after an “OTC transaction Manager” logged into his system and made two transfers from the company’s wallet.
The UK based Neo-bank that offers financial services for cryptocurrency businesses, also runs a cryptocurrency exchange for retail investors and traders. Users from India could deposit INR into the exchange and then use it to buy cryptocurrencies. Cashaa also has an OTC desk that has partnerships with multiple Cryptocurrency exchanges in India.
Cashaa suspects a malware was installed onto the computer used to make exchange transfers like user withdrawals, which notified the hacker when their partner logged into the account at 1:23 PM on July 10 and made two transfers from the wallet. Cashaa’s OTC Transaction manager was using a Blockchain.com wallet to store and send BTC.
Between 1:23 PM and 1:26 PM, all the funds, around 336 BTC from the wallets were sent to one Bitcoin wallet – 14RYUUaMW1shoxCav4znEh64xnTtL3a2Ek.
Cyber Crime Incident Report
Coin Crunch received a copy and screenshots of Cyber Crime Incident report with acknowledgment number 20807200031555. The report is filed under Cryptocurrency Crime category. Coin Crunch could not independently verify the complaint with any police source.
In order to protect the identity and personal information of the employee, only the first page of the complaint is shared below. In the other images received by us, we noticed the email used to file the complaint belongs to the domain Cashaa.com. We also verified the phone number on the report using third party phone number validation tools, it belonged to the same person whose name is used in the report.
Cashaa added, “We are still investigating the damage caused by the incident and might suspend all deposits and withdrawals for 24 hours”.
While not commenting on the hack itself, the CEO of Cashaa blamed increase in hacking incidents on the exchanges that support trading where these hackers can deposit the funds.
“Everyone working in the crypto industry has to work very hard to bring the same level of security which currently an average person has when dealing with a bank account. As of today, hackers are very confident to hack crypto addresses and move it through exchanges that are facilitating such laundering through their systems. Exchanges like these must be shut down and owners of these exchanges should be charged with money laundering facilitation crime.”Kumar Gaurav, CEO Cashaa
Cashaa’s report on the “Hack”
Coin Crunch broke the news of the hack in order to alert exchanges and individuals, after the CEO of Cashaa Kumar Gaurav shared the statement and copy of the complaint with us. Soon after Cashaa released a public statement on twitter and an article on Tuesday.
Cashaa Wallets are Safe
Cashaa in its statement clarified that the funds on Cashaa Wallets and Cashaa.com are safe and the incident was an isolated case when one of their OTC employee used a personal machine to process user transactions. The CEO Kumar Gaurav in the statement says Cashaa UK is completed unaffected.
“A cyberattack occurred on our system that was able to penetrate a vulnerable machine of a ‘Cashaa India OTC’ Employee. Within microseconds, all the funds in that account were wiped off in this first transaction signed.”Cashaa
Employee used a personal computer
The employee apparently was unable to use his company computer as the device was malfunctioning hence was given an approval to use a personal computer and online wallets to process transactions. He started using it on July 8, two days before the “hack”.
“We made an exception and allowed him to do so keeping ‘customer experience’ in mind for the ongoing OTC deals/transactions.”Cashaa
Once the employee made a couple of transactions using the personal computer on July 10, the rest of the funds from the wallet were stolen by hackers within short time.
“Hackers got the control of our employee’s computer with active sessions opened in the browser. The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used.”Cashaa
Support from Exchanges
Almost all exchanges have extended support to Cashaa in monitoring the addresses and report any suspicious transactions. Judging from the transactions from the reported address, it appears a coin Mixture software is being used to move the funds and reduce traceability.
Ditto – connecting in @zebpaysupport we will black list the hacked addresses. . .— Rahul (ZebPay) Pagidipati (@eth_us) July 11, 2020
Thanks for the info. We’ll help the Cashaa team in whatever way we can ?— Nischal (WazirX) ⚡️ (@NischalShetty) July 11, 2020
Dear @ThatNaimish,— CoinDCX: India’s Largest Cryptocurrency Exchange (@CoinDCX) July 11, 2020
Thank you for the information. We are taking all necessary precautions and are working closely with the Cashaa team to extend all necessary help.
Thanks. We have marked the addresses and would work with cashaa team and others to ensure we do not let the funds move further.— Bitbns (@bitbns) July 11, 2020
Cover Image by Robinraj Premchand from Pixabay