Coin-Secure Exchange Hack - Tracking & Discussions

[Joel_Jantsen]

Website : https://coinsecure.in/  [For Updates About the Hack]

As most of you might be aware,on 9th April 2018 Coinsecure, an Indian exchange got hacked of 438 bitcoins.There are various discussions on-going in the company about the hacker and as per the statement made by them,their prime suspect is the CSO of the company : Dr. Amitabh Saxena.

There is also a bounty of 10% to the community for the recovery of bitcoins. (Honestly,I don't think one has to take the bounty part seriously because we know how fucked up such services are when it comes to bounties/bug-bounties unless of-course if they choose to escrow 10% of the amount)

I decided to track the bitcoins and hopefully some of you geniuses out there are much better at it than me and I hope you'd find something interesting.

Note :- I'm not affiliated to coinsecure or any their employees by any means.

Main address where the bitcoins were moved after the hack : https://blockchain.info/address/1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA [438 BTC] [Final Balance: 49 BTC]
(1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA)

From here,Bitcoins are moved to various addresses including a BitcoinMixer.

This transaction especially : https://blockchain.info/tx/2e901e2455e38a250504528af5f7e3ccb2a6626a6fa74e5d434c63cedb0966d0
where BTC sent to address :    17dJcMi2JdVGwNLARmujmqbvAvns6yGgXb  which is part of this wallet : BitcoinFog (Tor Based Bitcoin Tumblr)

[1714613580]

1714613580

[1714613580]

1714613580

[1714613580]

1714613580

[1714613580]

1714613580

[Real14Hero]

It's really hard to track them once they have entered the mixer.Those bitcoins are as good as gone.
Instead of tracking down the bitcoins, they should be track down the hacker.How did the keys got leaked in the first place?What could have caused the leak?

Coinsecure should give more details about the origin of the attack.The customers deserves to know it.It wasn't their money at first place!
Inspecting the origin of the hack will give better leads rather than searching for a needle in a haystack.

[Joel_Jantsen]

It's really hard to track them once they have entered the mixer.Those bitcoins are as good as gone.
Instead of tracking down the bitcoins, they should be track down the hacker.How did the keys got leaked in the first place?What could have caused the leak?

Hard.Not impossible.Like I said,they have already filed an FIR against their CSO as a prime suspect.Given the technology and interest of the Indian Cyber Cell department on the subject,they will never find out if the accused is actually a hacker given that even the Coinsecure team doesn't have solid evidences against him.

Coinsecure should give more details about the origin of the attack.The customers deserves to know it.It wasn't their money at first place!
Inspecting the origin of the hack will give better leads rather than searching for a needle in a haystack.

You might as want to read their updates on the website,that should be enough to begin with.

[zuber_amla]

read my post on thread https://bitcointalk.org/index.php?topic=3314633.0

[Joel_Jantsen]

read my post on thread https://bitcointalk.org/index.php?topic=3314633.0

Sure,that certainly seems insightful.Cross Quoting it here as well

Dr. Amitabh Saxena was appointed as Coinsecure CSO in Sept, 2017.

Dr. Amitabh Saxena has immense experience including a stint as a professor of Computer Science in Australia for several years. He has also worked with giants such as Hewlett Packard and Accenture.

https://www.cryptoninjas.net/2017/09/24/dr-amitabh-saxena-appointed-c-s-o-bitcoin-exchange-coinsecure/.

How is it possible that such experienced person can make mistake like this while dealing with 438.31BTC which is worth about $3.8million?

9th April, 2018 - Coinsecure update on webpage says 438.31859715 BTC siphoned out to BTC Address 1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA between 12:35 AM IST - 06:29 AM IST.
In fact 438.31859715 BTC was moved to above mentioned address between 2018-04-08 19:05:07 - 2018-04-09 00:40:50, please verify here https://blockchain.info/address/1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA .

Some of Coinsecure's lost BTC funds are currently in addresses below.

1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA  139.42094629 BTC

1EL6w4XM7MVXJocdKbUprQszDkV87EQHeZ    9.44412409 BTC

3QmzSdCoPNQqpFmyyDFpMqWiTdLFrvLXfx    1.10477778 BTC

38GGuZBJD23uav4o2Urzqo3ZNkKUjr5xx3   12.49789000 BTC

19984XPvZux8bEdW4SBPmknevWZauamCnG   65.17902000 BTC

38RKQE1Mx9cmhB5j1xbMhmJLudANouWD5C    6.62085686 BTC

Coinsecure update-2 Friday, 13.04.2018 stating BTC funds siphoned, complaint reported to cyber cell Delhi and they are working with invetigation authorities.

No BTC funds are transfered out of address 1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA after 2018-04-13 08:46:22.

Why Coinsecure don't updates more details about exactly what happened?
Was this happened before insertion of private key or after insertion?
What wallet was used for BTG fork coins?   

1.Inside Job ? I'm surprised Benson Samuel didn't care to give an update on bitcointalk yet.Makes it seem like he took the moderator status for granted.
2.There's a lot more to it.
   - Which wallet was used to store or fork the coins from ?
   - How was the server accessed ?
   - How many members from among the team had access to these wallets ?
   - How did the keys get compromised ?

[Stringer Bell]

It really looks like an inside job.

"Dr. Amitabh Saxena" should have the ability to split coins safely, I managed to do it myself without incident.


Disappointed Shareholder

[Joel_Jantsen]

It really looks like an inside job.

"Dr. Amitabh Saxena" should have the ability to split coins safely, I managed to do it myself without incident.


Disappointed Shareholder

Considering he is a "Scientist" & a "Crypto-Expert" it should have been a child's play for him.But no,he had to come up with better excuses to steal the money.Less should we care.Anyway,do you hold the company shares or have any stakes at the company ? I don't know how should I interpret the term shareholder as.Did you lose bitcoins too ?

[Vod]

It's really hard to track them once they have entered the mixer.Those bitcoins are as good as gone.

Only if the owner of the mixer doesn't track the coins.  How many of these amatuer operators wouldn't be curious, or save for later extortion?

Get a serious enough hack, and the FBI will seize the servers and track those coins down.

[Stringer Bell]

It really looks like an inside job.

"Dr. Amitabh Saxena" should have the ability to split coins safely, I managed to do it myself without incident.


Disappointed Shareholder

Considering he is a "Scientist" & a "Crypto-Expert" it should have been a child's play for him.But no,he had to come up with better excuses to steal the money.Less should we care.Anyway,do you hold the company shares or have any stakes at the company ? I don't know how should I interpret the term shareholder as.Did you lose bitcoins too ?

They had an offering on bnktothefuture.com - I think they raised 500-600k USD total, in exchange for a little equity. I picked up a very small stake via this offering, not expecting to see that money again now it looks like the company is vanishing. They were very slow updating us on what was going on, even providing the share certificates took forever.

Can't say I was extremely surprised, more than anything else I wish they'd give the customers back their BTC.. They fucked up a large number of people's BTC adventure by doing this. Think they had 20k customers. Those small deposits could be big money for their holders one day.

[Rotten Egg]

Tracing down the coins from Co-Insecure hack - https://bitcointalk.org/index.php?topic=5204728.0