The chief executive officer of a Bitcoin exchange believes the theft of more than $3 billion from the platform was an inside job.
On 12 April, the team behind Coinsecure replaced the Indian exchange’s website with a statement. The notice reveals that someone exposed users’ Bitcoin funds and then stole them out of a wallet under the platform’s control.
According to Times of India, Coinsecure learned about the theft on 9 April when a security officer found that all the Bitcoins stored offline had vanished. Officials at the exchange later detected that someone had also posted the company’s private keys online for more than 12 hours.
When the platform attempted to track those responsible for the incident, it discovered that someone had erased the data logs for all the affected wallets.
Coinsecure subsequently shuttered its website and reported the theft to the New Delhi Police’s Cyber Cell, whose officers began examining the platform’s servers to determine the extent of the hack and interviewing senior security officers at the exchange.
As revealed in Coinsecure’s statement, the exchange’s CSO Dr. Amitabh Saxena claimed to have been extracting Bitcoin Gold (BTG) when 438.318 Bitcoins (the equivalent of $3,536,790,133.59) were lost to thieves in “some attack.” But Mohit Kaira, the platform’s CEO, didn’t buy Saxena’s story. As quoted in the complaint filed with the New Delhi Police:
As the private keys are kept with Dr. Amitabh Saxena, we feel that he is making a false story to divert our attention and he might have a role to play in this entire incident. The incident […] does not seem convincing to us.
Kaira went on to recommend that police seize Saxena’s Indian passport to prevent him from fleeing the country and to investigate the theft, which is the latest episode in a recent string of cryptocurrency hacks and heists, “as soon as possible.”
It’s unclear whether the New Delhi Police’s Cyber Cell acted on Kaira’s recommendations at the time of publication.
Coinsecure explained in its statement that it’s working to recover all funds stolen from users. Regardless of whether it’s successful in that effort, it pledged to reimburse users from its “personal funds.”