United Kingdom-based cryptocurrency exchange, Cashaa lost about 337BTC (appr. $3.1 million) in a security breach this week. Cashaa primarily allows EU and Indian residents to deposit fiat on the platform, and then use it to buy cryptocurrencies.
According to a July 11 tweet made by the company, hackers compromised one of their wallets on Friday after an employee logged in to the exchange’s system and made two transfers from the company’s wallet.
Further insights into the case by India-based cryptocurrency news agency, Coin Crunch revealed that a malware installed into the computer before the initial transfer must have notified the hackers when the employee logged in to the account that Friday. Five minutes later, the remaining funds in the company’s wallet that was about 336 BTC were sent to a different address.
Cashaa had said they only use Blockchain.com wallet to store and send BTC with the hackers moving the stolen funds to wallet address 14RYUUaMW1shoxCav4znEh64xnTtL3a2Ek. At the time of writing, the funds have been moved from this address, with a mixer software likely being used to obfuscate the source of the funds.
Meanwhile, the company has paused deposits and withdrawals temporarily and filed a Cyber Crime Incident report with acknowledgment number 20807200031555, under the cryptocurrency crime category to further investigations. Notably, the name of the employee who made the initial transfers was withheld for security reasons.
The CEO of Cashaa, Kumar Gaurav, blamed an increase in hacking incidents like this one experienced by his company, on the exchanges that support trading where these hackers can deposit the stolen funds.
“As of today, hackers are very confident to hack crypto addresses and move it through exchanges that are facilitating such laundering through their systems. Exchanges like these must be shut down, and owners of these exchanges should be charged with money laundering facilitation crime.” he said.
As with other exchange hacks in the past, India-based crypto exchanges including CoinDCX, WazirX and ZebPay have shown a willingness to support Cashaa in monitoring the addresses. They have promised to report any suspicious transactions.