I hoped not, but the reports and stories are not so welcoming.
Big News: Coinsecure, the Indian Bitcoin exchange, is in trouble. Whether it has either been hacked or its bitcoins have been stolen is still debatable.
Firstly, for the newcomers, let me introduce you to Coinsecure.
- Headquarters: Delhi
- Founding Year: 2014
- Founders: Mohit Kalra, Benson Samuel
Coinsecure needs no introduction, at least not to the Indian audience. It is one of the early movers of Bitcoin and blockchain technology in India. For years together they have provided an easy to use Bitcoin exchange, merchant services, a blockchain explorer, as well as a hosted wallet.
They are also the pioneering exchange in India to keep order books for bitcoins to make an effective marketplace for Bitcoin buyers/sellers.
By doing all this, Coinsecure had garnered quite some respect in the Indian Bitcoin community, but Coinsecure is in deep waters after yesterday’s news.
Yesterday, in a letter to its users, Coinsecure admitted that the rumors of it being hacked or compromised in insidious ways are true.
According to Coinsecure, 438.318 BTC worth approximately $3 million have been lost and transferred to a Bitcoin address that Coinsecure doesn’t control.
The note also elucidates that this loss is not a direct result of their infrastructure being compromised or hacked but instead it was due to their CSO Dr. Amitabh Saxsena extracting Bitcoin Gold from Bitcoin. And as a result, their CSO claimed that bitcoins were lost.
Here is the full note from Coinsecure:
On 9th April 2018, the CSO informed the Coinsecure management that 438.318 BTC were stolen from the company’s wallet as a result of an attack.
But the question is, how can it be when the CSO himself had the private keys.
Well, just like you and me, the Coinsecure management has refused to believe the CSO’s version of the story and have lodged an FIR against him with the Cyber Cell, Delhi. The CSO is on the run as experts investigate the case.
Here is the copy of the FIR:
Now Coinsecure’s follow-up update after 12th April is very questionable.
Now they are seeking help from the Bitcoin community and other users who can help them identify the hacker or give them any lead in recovering the lost funds. For this, they have announced a bounty of 10% of overall funds lost i.e. 43.8 BTC in reward.
Here is the full copy of the update:
Coinsecure has announced their most awaited repayment plan and here is it:
Questions And Some More Questions
The first question that I have for Coinsecure is, why on earth would an exchange not use a multi-sig wallet to secure their funds. How can they trust one single person with private keys?
Another assumption is if it was a multi-sig wallet then who is the other party involved or is it a planned exit scam from the market and the FIR a gimmick for distraction?
Of course, we understand that Coinsecure has mentioned about refunding the losses to its investors from its own pocket if needed, but how and when will it happen? Do they simply want to start another Ponzi token economics drama just like Bitfinex did after its hack?
Update #3 from Coinsecure is out and it says- “If recovery of siphoned BTC is not possible, then we will apply the lock in rates as of the 9th of April, 2018. 10% of the coin holding balance will be refunded in BTC and 90% will be returned in INR.” This good tactic but not the best because 90% will be returned in INR and if BTC surges to above $10,000 it will be a huge loss to the BTC holders who kept their BTC in Coinsecure. In my opinion, it is fairer to repay it whole in BTC.
More so, with the investigation, if it gets evident that they did not have a multi-sig wallet, it would be a huge question mark on their ability to run an exchange. If their multi-sig wallet was under theft, it will again raise many questions as to who else was involved in this heist.
And what to say of their update no #2, it only raises more questions and goes a bit contradictory to what they said before. Their FIR is against their CSO and now they are saying to the community to help them identify the hacker. (Only God knows what is happening!!)
But if you ask me, it looks like a planned mess and chaos to hide something up and maybe an exist scam in its last stage. But we need to wait and see how they refund the users, if that’s not directly in BTC to the affected users then this will be a serious problem to ponder upon.
Nevertheless, believe it or not, this is a big blow to the Indian Bitcoin and cryptocurrency market after RBI banned banks to deal with Bitcoin businesses and individuals last week: RBI Bans Indian Banks From Facilitating Services To Crypto Related Individuals & Businesses.
Lastly, I repeat, don’t keep your Bitcoin in any centralized exchange in the world because they are not safe. Always rely on self-hosted Bitcoin wallets where you control your private keys such as:
Like this post? Do share it with your friends & family to keep them informed!
Further suggested readings: