London-based cryptocurrency exchange Cashaa revealed it lost 336 bitcoin, at press time worth $3.1 million, to hackers who managed to access one of its cryptocurrency wallets.
According to a tweet the exchange published on July 11, the attackers managed to access one of its Blockchain.com wallets, and quickly transferred the funds to an address they control. From the address they went to the BTC has been through a series of hops, suggesting the use of coin mixing software to limit traceability and throw off blockchain sleuths.
Cashaa believes that the attacker may have managed to infect one of its computers with malware, and then waited for an employee to access its machine. As soon as that happened, the funds were moved out of its wallet. Reacting to the security breach, the exchange halted withdrawals and deposits and “called the board meeting to decide whether the company will bear all the losses.”
The exchange suspects the hacker is from east Delhi, India, and filed a report with the Delhi police cybercrimes department.
Cyber Crime department in Delhi is informed. Also, all the crypto exchanges have been notified about the hacker address (14RYUUaMW1shoxCav4znEh64xnTtL3a2Ek) to block the #Bitcoin transaction. pic.twitter.com/Fe6ZlxtrQF
— Cashaa (@yourCashaa) July 11, 2020
Cashaa also reached out to other cryptocurrency exchanges and businesses informing them of the address, in a bid to stop the hacker from cashing out. In statements provided to industry media Kumar Gaurav, Cashaa’s CEO, seemingly lashed out at trading platforms that allow hackers to cash out.
Gaurav was quoted as saying:
As of today, hackers are very confident to hack crypto addresses and move it through exchanges that are facilitating such laundering through their systems. Exchanges like these must be shut down and owners of these exchanges should be charged with money laundering facilitation crime.
CryptoCompare’s Exchange Benchmark report, as recently reported, revealed that 38% of crypto exchanges interact with high-risk entities in 25% or more of their transactions. High-risk entities are those associated with darknet markets and vendors, criminals, gambling projects, malware operators, and others.