The Cashaa Hack: Investigators Stay Silent as Inside Job Rumors Emerge

Published at: July 19, 2020

On July 11, attackers broke into the over-the-counter desk of digital payment platform Cashaa, which serves Indian customers, and stole 336 Bitcoin (BTC), worth approximately $3.1 million. Although Cashaa stated that no users were affected by the hack, it halted all crypto-related transactions for 24 hours to understand the incident better.

Cashaa is a United Kingdom-based crypto-friendly bank that deals with Bitcoin OTC operations and works with major traditional and crypto exchanges in India. According to an official statement, the incident took place with an OTC transaction manager based in East Delhi, India, whose personal computer was attacked with malware. Kumar Gaurav, founder and CEO of Cashaa, revealed to Cointelegraph more details on the underlying circumstances that led to this incident:

“On 8th July 2020, the employee had reported a machine malfunction with the computer provided to him by the company. Hence, he requested to operate from his personal computer to set up multiple alternative online wallets on various platforms like Blockchain.com, Huobi etc. We made an exception and allowed him to do so, keeping ‘customer experience’ in mind for the ongoing OTC deals/transactions.”

The circumstances leading to the hack

Cashaa presumes that malware was installed on the employee's personal computer, which was linked to the system used to carry out exchange transactions. The targeted wallet was one that Cashaa used on Blockchain.com for Bitcoin transactions. Gaurav added that, following the incident, the compromised device has been in the custody of the company's investigation team, and the employee has been suspended until the investigation concludes. Discussing the methods used to break into the Cashaa ecosystem, Gaurav revealed:

“Hackers got the control of our employee’s computer with active sessions opened in the browser. The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used.”

The firm states that it has filed an incident report with the Cyber Crime division of the Delhi Crime Bureau. Cashaa even shared the Bitcoin wallet address of the hacker in a tweet, tagging all the major exchanges, namely WazirX, Binance, CoinDCX and Bitbns and urging them to monitor all transactions related to the address and other wallets that have transacted with it since the incident.

Aftermath

Immediately after the incident, Cashaa called for a board meeting to decide if the company would be absorbing all the losses and how these incidents can be avoided in the future. Cointelegraph discussed the outcome of this board meeting with Gaurav, and he stated that an announcement will be made soon, adding: “This is a country-specific incident and hence the management of that subsidiary (Cashaa India OTC) will come up with some deliverables including standards of future operations, security and client relations.”

It would be essential for the firm to account for and absorb these losses within its own ecosystem, as hacks like these usually remain unsolved. However, top executives from exchanges such as ZebPay, WazirX, CoinDCX and Bitbns have shown their support for Cashaa on Twitter, assuring the company that they will take all necessary precautions to block the movement of the stolen funds if they can be traced.

Gaurav acknowledged this support and commented further on the possibility of recovery referring to the Upbit hack: “All our partners and customers have joined together to give out a strong message to hackers that cashing out hacked Bitcoin is not going to be easy.” He went on to add that many exchanges have “blacklisted the hacker’s address.” 

Community wary of such hacks

Amid several allegations on Twitter that the hack looked like a fraudulent exit scam, which also raised questions about the company's CAS token, a source who chose to remain anonymous told Cointelegraph that the theft is believed to have been an inside job carried out by a high-ranking executive of the bank. Cointelegraph discussed this possibility with Daniel Worsley, a co-founder and the chief operating officer of LocalCoinSwap — a peer-to-peer cryptocurrency marketplace — who stated:

“It is definitely plausible that this could be an inside hack. Cashaa will now begin an internal investigative process to try and determine how the malware ended up on the computer and who had access to the wallet that was breached.”

It is also important to note that the 336 BTC was held in a hot wallet without multisignature protection, which seems highly odd for a firm with payments expertise. More than a week after the hack, and despite having the affected computer in its possession, Cashaa still hasn't announced what caused the attack. Cointelegraph discussed the specifics further with Sidharth Sogani, the founder and CEO of CREBACO — a crypto research and analytics firm — who revealed:

“The funds were on a single signature legacy hot wallet, which is not apt for an exchange. The funds were moved to legacy wallets as well, usually planned hackers don’t use legacy anymore, they use bech32 as it’s faster, definitely the hack wasn’t done by a hacker, but someone naive on the tech.”
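Sogani's remark above turns on telling a legacy Base58Check address (P2PKH starting with "1", P2SH starting with "3") apart from a native segwit bech32 address (starting with "bc1"), and the same distinction matters when an exchange publishes an attacker's address for others to blacklist: a partner should confirm the string is a valid mainnet address of a known type before acting on it. The script below is an added example, not code from Cointelegraph, Cashaa or CREBACO. It uses only the Python standard library, handles mainnet addresses only, and its sample inputs are the well-known genesis-block address, the BIP173/BIP350 test vectors and two deliberately corrupted copies of them (all constructed for the demonstration).

```python
"""Classify a Bitcoin mainnet address and verify its checksum (added example).

Distinguishes legacy Base58Check addresses (P2PKH '1...', P2SH '3...') from
native segwit bech32/bech32m addresses ('bc1...') and rejects any string whose
checksum does not verify. Mainnet only; standard library only.
"""
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BECH32M_CONST = 0x2BC830A3  # BIP350 checksum constant (BIP173 bech32 uses 1)


def b58check_decode(addr):
    """Return the payload (version byte + hash160) of a Base58Check string, or None."""
    n = 0
    for ch in addr:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return None
        n = n * 58 + idx
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    # Each leading '1' stands for a leading 0x00 byte that the integer form drops.
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + raw
    if len(raw) < 5:
        return None
    payload, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        return None
    return payload


def bech32_polymod(values):
    """BIP173 BCH checksum polynomial over 5-bit groups."""
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def bech32_decode(addr):
    """Return (hrp, 5-bit data without checksum, 'bech32'|'bech32m') or None."""
    if addr != addr.lower() and addr != addr.upper():
        return None  # mixed case is forbidden by BIP173
    addr = addr.lower()
    pos = addr.rfind("1")  # separator; '1' never appears in the data part
    if pos < 1 or pos + 7 > len(addr) or len(addr) > 90:
        return None
    hrp, data_part = addr[:pos], addr[pos + 1:]
    if any(c not in BECH32_CHARSET for c in data_part):
        return None
    data = [BECH32_CHARSET.find(c) for c in data_part]
    hrp_exp = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    encoding = {1: "bech32", BECH32M_CONST: "bech32m"}.get(bech32_polymod(hrp_exp + data))
    return None if encoding is None else (hrp, data[:-6], encoding)


def convertbits(data, frombits, tobits):
    """Regroup bits without padding; None if leftover bits are not all zero."""
    acc = bits = 0
    out, maxv = [], (1 << tobits) - 1
    for v in data:
        acc, bits = (acc << frombits) | v, bits + frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & maxv)
    if bits >= frombits or ((acc << (tobits - bits)) & maxv):
        return None
    return bytes(out)


def classify_address(addr):
    """Return {'format', 'encoding', 'payload_hex'} for a valid mainnet address, else None."""
    if addr.lower().startswith("bc1"):
        dec = bech32_decode(addr)
        if dec is None:
            return None
        hrp, data, encoding = dec
        if hrp != "bc" or not data or data[0] > 16:
            return None
        version, program = data[0], convertbits(data[1:], 5, 8)
        if program is None or not 2 <= len(program) <= 40:
            return None
        # Witness v0 must be bech32 and 20 or 32 bytes; v1 and later must be bech32m.
        if version == 0 and (encoding != "bech32" or len(program) not in (20, 32)):
            return None
        if version != 0 and encoding != "bech32m":
            return None
        fmt = {(0, 20): "P2WPKH", (0, 32): "P2WSH", (1, 32): "P2TR"}.get(
            (version, len(program)), "segwit v%d" % version)
        return {"format": fmt, "encoding": encoding, "payload_hex": program.hex()}
    payload = b58check_decode(addr)
    if payload is None or len(payload) != 21:
        return None
    fmt = {0x00: "P2PKH", 0x05: "P2SH"}.get(payload[0])  # mainnet version bytes only
    if fmt is None:
        return None
    return {"format": fmt, "encoding": "base58check", "payload_hex": payload[1:].hex()}


if __name__ == "__main__":
    # Constructed sample: genesis-block address, BIP173/BIP350 vectors, two corruptions.
    for a in ["1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa", "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy",
              "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4",
              "bc1p0xlxvlhemja6c4dqv22uapctqupfhlxm9h8z3k2e72q4k9hcz7vqzk5jj0",
              "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb", "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t5"]:
        print(a, "->", classify_address(a))
```

The checksum step is the practical point: a single mistyped or altered character in a published address makes the Base58Check double-SHA256 fail or the bech32 BCH code reject the string, so a partner exchange that blacklists an address without this check may be watching the wrong one. Neither check says anything about who controls the address or where the funds went; for that the transaction graph has to be followed, as the article's sources note.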

Pointing out that the way the funds were stored was also a breach of common practice, Sogani further stated: “As per CREBACO benchmarks, any digital assets exchange having more than 100 BTC must have an HSM in place to protect the funds.” When Cashaa commented on the possibility of this being an inside job, the company was not able to say with confidence that it wasn't. Gaurav stated:

“It does not seem like an Insider job. The investigating cybercrime company hasn’t given us a hint in that direction. Besides that, we cannot be sure of anything till the time those ‘hacked Bitcoins’ are encashed and the trail ends at an eventual beneficiary.”

Possibilities under proper regulation

As this hack affected the Indian entity of Cashaa, in a country with little or no regulation of cryptocurrencies, there is no regulatory body that can step in to resolve the issue and help recover the lost funds. Worsley opined on the matter:

“I believe that regulation could help to reduce the risk of hacks like this. Alternatively, users can keep themselves safe by using decentralized exchanges where they are in control of their funds and private cryptographic keys throughout the trading and asset storage processes.”

For a perspective on ecosystem security, Cointelegraph reached out to Javvad Malik, a security awareness advocate at KnowBe4 — a web security awareness training platform. By elaborating on the systems that crypto platforms could adopt from traditional banks, he said:

“Even without regulations, though, cryptocurrency exchanges should look to implement stringent safeguards across processes, technologies and people to reduce the likelihood of fraud or theft. This would mean having controls similar to those of traditional banks, such as multi-factor authentication, segregation of duties, segregated systems and user awareness training, threat detection controls and response capabilities, to name a few.”

Regardless of the regulatory situation, Worsley feels that this hack could have been avoided if Cashaa wasn’t using Blockchain.com’s wallet — a third-party wallet — to manage its funds. He further commented: “Many of the most reputable exchanges utilize hardware wallets or hardware security modules to store and handle the crypto assets under management. Although no system is 100% secure, one set up like this would be much harder to breach.”

Inside job or not, hacks like this do not bode well for the overall reputation of the crypto industry in the minds of investors and governing bodies alike. This is especially true in a country like India, where regulators have only started to understand the nuances of crypto and blockchain technologies.
