CoinDCX got hacked! $44.2M Drained?

[avikz]

I do use Indian exchanges to convert crypto to inr (money stays there momentarily) as I don't want to go through hassle of p2p (I have had bad experience with p2p dealings in past, which has left sour taste).

So you pay 30% tax?? OMG!

I have a question here. I guess Indian exchanges ask for the source of crypto you are trying to convert? I don't know as I have never used an Indian exchange.

Or are you allowed to fill your crypto wallet and covert them to INR after KYC verification?

I am asking this because I want to convert some of the signature wallet earnings to INR in future.

[pawanjain]

I do use Indian exchanges to convert crypto to inr (money stays there momentarily) as I don't want to go through hassle of p2p (I have had bad experience with p2p dealings in past, which has left sour taste).

So you pay 30% tax?? OMG!

I have a question here. I guess Indian exchanges ask for the source of crypto you are trying to convert? I don't know as I have never used an Indian exchange.

Or are you allowed to fill your crypto wallet and covert them to INR after KYC verification?

I am asking this because I want to convert some of the signature wallet earnings to INR in future.

Let me know if you want to go through a P2P trade. I know a person who with whom I can arrange a P2P trade. You can PM me if interested.
Coming back to your question, they don't ask for source of crypto if the amount is less and even if they ask then we can mention it and proceed with the transaction.
KYC verification is mandatory though and only if your KYC is fully verified you will be allowed for INR transactions.

[JSRAW]

I do use Indian exchanges to convert crypto to inr (money stays there momentarily) as I don't want to go through hassle of p2p (I have had bad experience with p2p dealings in past, which has left sour taste).

So you pay 30% tax?? OMG!

I have a question here. I guess Indian exchanges ask for the source of crypto you are trying to convert? I don't know as I have never used an Indian exchange.

Or are you allowed to fill your crypto wallet and covert them to INR after KYC verification?

I am asking this because I want to convert some of the signature wallet earnings to INR in future.

Coindcx will request for self declaration form in case of first time deposit for any coin. Usually there will be 3 options like exchange to exchange transfer or own wallet or 3rd person deposit, this info is mandatory.

Yes, once you fill up self declaration form, you can convert em to INR but make sure you already have verified profile, including face verification.

I don't know if its usually the case but there is a possibility of re verification if you are withdrawing big amount (above 50 lakh to crores), just don't panic. They only want to ensure if your account is legit and not compromised.

[pawanjain]

There's a new turn in the story now. Apparently an employee from their own firm seems to be involved in the hack.
Although the employee claims that he is innocent and has got nothing to do with the hack, the digital trail shows his laptop was compromised as his credentials were exposed.
He admits to be moonlighting and there is a possibility that one of the clients sent him an injected file which led to access to this work laptop.

Source: Bengaluru Techie Arrested in CoinDCX Theft

[LucyFurr]

There's a new turn in the story now. Apparently an employee from their own firm seems to be involved in the hack.
Although the employee claims that he is innocent and has got nothing to do with the hack, the digital trail shows his laptop was compromised as his credentials were exposed.
He admits to be moonlighting and there is a possibility that one of the clients sent him an injected file which led to access to this work laptop.

Source: Bengaluru Techie Arrested in CoinDCX Theft

He just took the bait. 

Investigators also discovered that Rs 15 lakh had been deposited into Rahul’s bank account from an unknown source. Rahul said he received a WhatsApp call from a German number asking him to complete some files.
He alleged that one of those files might have been a trap that let the hacker into his work system. He said he did not know about the theft until the company called him in. The Whitefield CEN crime police

I quoted this part from the article that explains how it happened and it's part of social engineering scam that he used his office laptop to do some online gigs and ended up giving access to the company's server so he is not really the one who stole the money but he gave the access to this unintentionally.

[pawanjain]

I quoted this part from the article that explains how it happened and it's part of social engineering scam that he used his office laptop to do some online gigs and ended up giving access to the company's server so he is not really the one who stole the money but he gave the access to this unintentionally.

Or so does it sound ?

It could have also been a well planned strategy to get away with the hack. What if all of it was pre-planned ?
We have already seen so many hacks where internal people were involved. This can be another one.
The possibilities are equal on both sides I would say.

[LucyFurr]

It could have also been a well planned strategy to get away with the hack. What if all of it was pre-planned ?
We have already seen so many hacks where internal people were involved. This can be another one.
The possibilities are equal on both sides I would say.

Could be, but if he is aware of this and being part of it then he might flee away from the country not just staying there in a location. I don't know whether he tried to hide in a location but from reading the articles it doesn't look, he was just used as a scapegoat by the hacker. Further investigations will unfold the real story.

[IIrik11]

so, this rahul(naam to suna hi hoga ) was an employee in coindcx and he was given a laptop

and that laptop had information of server that could give access to hackers for $44.2 million??

r u shitting me? even ambani wouldn't have access to that much money just on his own

wouldn't the company wallet/wallets that contain such a big amount require multiple sigs from different personnel?

i don't believe any of this.

[pawanjain]

It could have also been a well planned strategy to get away with the hack. What if all of it was pre-planned ?
We have already seen so many hacks where internal people were involved. This can be another one.
The possibilities are equal on both sides I would say.

Could be, but if he is aware of this and being part of it then he might flee away from the country not just staying there in a location. I don't know whether he tried to hide in a location but from reading the articles it doesn't look, he was just used as a scapegoat by the hacker. Further investigations will unfold the real story.

If he flee's away then it would be evidently clear that he was definitely involved in the hack but if he stays there and proves himself innocent then the hacking group gets away from the hack without anything.

so, this rahul(naam to suna hi hoga ) was an employee in coindcx and he was given a laptop

and that laptop had information of server that could give access to hackers for $44.2 million??

r u shitting me? even ambani wouldn't have access to that much money just on his own

wouldn't the company wallet/wallets that contain such a big amount require multiple sigs from different personnel?

i don't believe any of this.

Even I find it hard to believe this story. Rahul was a techie himself and looking from his picture he definitely gives me a hacker kind of feeling 
He was working with CoinDCX for 2 years as a DevOps Engineer as per his LinkedIn profile.
This gives him the knowledge of the infrastructure details of CoinDCX which could be enough to gain access to the server.
So according to me, I think Rahul was one of the members of the hacking group.

[ritik8288]

the oldest technique in the book by which companies always get hacked:

1)the person will pinpoint a crypto company which probably lacks good security or not proper educating the person who has access to the VPN with admin privileges if not then KRBTGT or TGT or obtain the TGT for any account that has the "Do not require Kerberos preauthentication" setting enabled or Kerberoasting


2)target a person with a sensitive role in the company by offering him quick earning money scheme jobs

3) infect him with screenconnect+signed by ev cert or any other form of infection method which are plenty for targetted attacks such as the meetings calendar etc etc

4) after infection just sit and watch his screen and learn what exactly he does on his pc by hvnc

5) if u are low on budget for purchasing the EV cert for signing the file or any other infection method, people usually get ended up phished(which i doubt happened in this case)

Using stolen credentials, attacker accesses the corporate email or VPN or by any privately written malware for this purpose

From there, they move laterally inside the network, escalate privileges, and exfiltrate data.


just be smart and keep ur funds on a ledger , (not your keys not ur wallet)

[ritik8288]

and 100% the starting point of these kind of attacks are from linkedin :wink: