Cashaa hacked. 336 BTC Stolen. | Bitcointalksearch.org

FlightyPouch

sr. member

Activity: 1638

Merit: 300

Quote from: ?? on ??

Quote from: LoyceMobile on July 11, 2020, 04:14:07 PM

Putting 336 Bitcoin in a web wallet should be considered a crime by itself!

Yeah, what the fuck is wrong with people!!!! Also this is definitely not the first time things like this have come to light.

That is why I am confused why did they do this. So this hints that either they did not read anything that happened about exchanges before with the same strategy of storing their bitcoins in a webwallet or maybe this is an inside job. I don't think that they are not that stupid to not learn from the pasts of hacked exchanges so this might be an inside job, don't you think?

Falkyire

newbie

Activity: 31

Merit: 0

incidents like these remind me of Mt. Gox esuque "oops i got hacked" if people find a legal way of getting qucik bucks and they just get proficient in using Empty fort strategy again and agian

7788bitcoin

legendary

Activity: 2282

Merit: 1023

Quote from: LFC_Bitcoin on July 13, 2020, 06:16:05 AM

Probably an inside job if I had to guess, wouldn’t be hard for an employee to get the blockchain.com wallet details.

Everything about the website is shady and the so called owner will be behind the heist, storing the coins in an online wallet and then the funds are moved simultaneously when he moved some small amounts and then he filed a police complaint in India just to show everyone that an investigation is taking place. The way in which a service is holding the funds is a joke and the threads regarding the service in this forum are deleted.

BD Crypto

full member

Activity: 658

Merit: 158

BTC Rocks

Another sad news apeard here.Actually not only mine but also all user advice is that you should never store your funds in exchange site.Because any centralized exchange can be hacked or be scam.
So always we should be safe and store then in private wallet.

stompix

legendary

Activity: 2828

Merit: 6108

Jambler.io

Quote from: sukbir on July 12, 2020, 04:44:28 PM

According to UK government site, they have registered their company in UK as well.
Source: https://beta.companieshouse.gov.uk/company/11644308/officers

Hihihi, I bet it's a company registered through a middleman by some guys that never set foot in the UK.
Seen it a lot of times, way too many times. Exstock was also a registered company in the UK, when people strated complain they found weren't allowed to conduct any financial activities, and empty office, and nothing.

But, the irony...

Correspondence address
Suite 207, Equitable House Business Centre, 10 Woolwich New Rd, London, United Kingdom, SE18 6AB
Equitable...my a**.

The director is a 30yo Indian esiding in the UAE and the manager a german from Malta. Oh yeah, nothing shaddy!

Quote from: gentlemand on July 12, 2020, 07:29:40 AM

From the looks of their site - https://cashaa.com/business-account - https://cashaa.com/personal-account - they are primarily about providing conventional banking with crypto integrated as a sideline. Many people, especially businesses, are desperate for banking so will go with anyone who offers it and makes crypto friendly noises.

They provide "banking" and they store their coins in a web wallet.....

Janation

hero member

Activity: 1722

Merit: 528

Quote from: NavI_027 on July 11, 2020, 11:43:57 PM

Quote from: Janation on July 11, 2020, 08:28:14 PM

With that huge amount of Bitcoins, they still can't afford a hardware wallet?

I'm wondering the same thing but here are the possible reasons I can think of: 1) They are new to this business (they are established on 2019) so their knowledge and management is not yet mature as the other big companies. However, this is not a valid excuse becuause you supposed to know the business, from the chances of best or worst case scenario, before entering. 2) They are complacent, thinking "What could possibly go wrong?".

Nevertheless, it's their own fault. They can't blame anyone even the hackers bacause being bad is in their nature already. How sad that the least thing they can do is to make their excahge bullet proof but they fail to do so Sad

.

That is so true.

They should really blame theirselves. They should know better since they are an exchange and they are holding lots and lots of Bitcoins in their hands. I don't know why they stick to holding it in a hot wallet, maybe they have their purposes but still, they should start using cold storage.

This is a lesson of the past for a lot of exchanges but they did not learn from it.

jerrison

full member

Activity: 1442

Merit: 106

Quote from: 100bitcoin on July 11, 2020, 04:11:56 PM

Quote

One of our wallets with http://Blockchain.info was compromised and funds were transferred to 14RYUUaMW1shoxCav4znEh64xnTtL3a2Ek #Cashaaexchangeissafe #Cashaafightsfraud @coincrunchin

Source: https://twitter.com/yourCashaa/status/1281995351864430593 ( http://archive.is/DTCh8 )

Quote

Cyber Crime department in Delhi is informed. Also, all the crypto exchanges have been notified about the hacker address (14RYUUaMW1shoxCav4znEh64xnTtL3a2Ek) to block the #Bitcoin transaction.

Source: https://twitter.com/yourCashaa/status/1282010893115482112 ( http://archive.is/x72ui )

The incessant cases of hacking has of recent been on the increase and it is expected that projects should have tight security measures put in place to safeguard their investors fund as it the main target where hackers are having eyes on. Again, I do not expect funds to be kept in an online wallet as it is always targerted by hackers, they should be kept offline to keep the funds #safu just as it was in the case binance.

thesmallgod

full member

Activity: 1498

Merit: 129

Quote from: sheenshane on July 11, 2020, 07:49:07 PM

My question is, are they fully oriented on how to use Bitcoin or cryptocurrency?

That is a huge amount that something you trust web wallet and you know that you didn't own the private key of your wallet. Sounds strange for me, how this comes up like this.

I checked that transaction of scammed address, it seems like 336 bitcoin has been divided into small amounts within different addresses, the last 85 amount of Bitcoin landed on this transaction address. It seems like the hacker didn't cashout yet Bitcoin into fiat.

The problem with such exchange is that they don't wanna spend money on security. Any exchange platform should provide up to date security and also carry out security auditing at least ones in a month. If big exchange with robust securities are getting hacked, I don't know what the smaller one expect. If the bitcoin have been divided into small fractions. It is likely the hacker will get it mixed and it will remain untraceable after that

LFC_Bitcoin

legendary

Activity: 3486

Merit: 9384

#1 VIP Crypto Casino

Quote from: LoyceMobile on July 11, 2020, 04:14:07 PM

Putting 336 Bitcoin in a web wallet should be considered a crime by itself!

Probably an inside job if I had to guess, wouldn’t be hard for an employee to get the blockchain.com wallet details.

rathaha10

full member

Activity: 616

Merit: 108

io.ezystayz.com

Quote from: LoyceMobile on July 11, 2020, 04:14:07 PM

Putting 336 Bitcoin in a web wallet should be considered a crime by itself!

Well going through the original writeup, it doesn't seems the whole 336 bitcoin were stolen from him alone, he specifies that 336 bitcoins has been transferred to the hackers wallet so far meaning other peoples are affected also. I agree with you though, even a few amount of bitcoin that's worth something ought to be kept in a more secure hardware wallet rather than just some free online/web wallets

gentlemand

legendary

Activity: 2590

Merit: 3008

Welt Am Draht

Quote from: sukbir on July 12, 2020, 04:44:28 PM

According to UK government site, they have registered their company in UK as well. I think they report to uk police.

That's a bit of a shame. They don't have much notable track record when it comes to successfully nabbing cyber criminals or taking it particularly seriously.

In the UK you're supposed to report online crime here - https://www.actionfraud.police.uk which repeatedly refers to 'reporting' crimes rather than solving them. Most of the time they say they've noted it and... that's it.

Maybe they work a little harder, or do any work, if it's a large amount like this.

sukbir

member

Activity: 122

Merit: 13

🏆Bitcoin is king of Cryptocurrency World.

Quote from: Slow death on July 12, 2020, 05:05:01 AM

When I read about this news the first thing I thought about checking was:

Where will this exchange be located?

I went on the website and looked for their address and found this:

Quote from: https://cashaa.com/

Cashaa is the trading name of Cashaa Technologies Limited, a UK registered company (No. 11644308) whose registered office is at Suite 207 Equitable House Business Centre, 10 Woolwich New Rd, London, England, SE18 6AB.

on google map i didn't see anything relevant about this address, but they reported this case to Cyber Crime department in Delhi

https://twitter.com/yourCashaa/status/1282010893115482112

why didn't they report to the UK police?

According to UK government site, they have registered their company in UK as well.

Source: https://beta.companieshouse.gov.uk/company/11644308/officers

Rotten Egg

member

Activity: 172

Merit: 22

Cashaa is not new to BitcoinTalk. Here is what I found about them...

Announcement: https://bitcointalksearch.org/topic/cascashaa-the-next-generation-banking-platform-for-the-next-billion-airdrop-2272412

Bounty: https://bitcointalksearch.org/topic/bounty-cashaa-cas-the-next-generation-banking-platform-for-the-next-billion-2273856

Also, following details found about Cashaa founder Kumar Gaurav...

Personal Website: https://kumargaurav.com

Twitter Profile: https://twitter.com/kg_Cashaa

BlackHatCoiner

legendary

Activity: 1344

Merit: 6415

Farewell, Leo

How hard is to save your funds in an offline wallet? How??

Steps:

1) Install electrum on a cold machine.

That's all.

Krislaw

sr. member

Activity: 1204

Merit: 388

Biggest joke. Example of funds are not #SAFU
If a company like that doesn't know the vulnerability of a web wallet, then they deserve getting low ratings. Haven't even heard of their name before but seeing this news won't even make me go close to them. This hack would affect them because they seem not to much userbase and it's going to affect them.

Lucius

legendary

Activity: 3108

Merit: 5364

Fortis Fortuna Adiuvat⚔️

This is just proof that even those who should set an example to others have no idea what they are doing, because this is nothing but an ordinary amateurism. Given that they present themselves as a serious company with offices from Singapore to the UK, this event actually presents them in the right light - not only do they use an online wallet for their business, but they are not able to adequately protect that same wallet.

Just look at all these awards and recognitions over the years, one wonders who is crazy here and who is normal Huh

Source : https://cashaa.com/business-account

gentlemand

legendary

Activity: 2590

Merit: 3008

Welt Am Draht

Quote from: Yudhisthir on July 12, 2020, 07:35:31 AM

The exchange is from some Indians and the alleged hack is also from India. It could be an insider job. I don't mean that the exchange itself is involved but maybe someone that is working with or had worked in the past with the exchange that had some inside knowledge as how and where the funds are kept. Indian police have an experience of investigating hacks in the past, I hope they get to the hacker this time too.

Hmm. What's with all the GBP and EUR talk? And the London address? There are some mentions of India in there but visiting it I wouldn't know it had much to do with there at all.

If the Indian police do a good job then more power to them. If it was the UK they'd be told to 'report it' and then it would likely be ignored.

Yudhisthir

full member

Activity: 1034

Merit: 103

Chainjoes.com

Quote from: gentlemand on July 12, 2020, 07:29:40 AM

Quote from: kryptqnick on July 12, 2020, 05:16:39 AM

To be honest, I've never heard of Cashaa crypto exchange. Why would a person use a barely known exchange when there are multiple reputable ones out there? If an exchange is popular, there is a higher chance it will have a way better level of security. Plus, if it's reputable, there's a good chance the losses will be compensated to users (which is what happened with Binance a year or two ago). And what sort of exchange stores money on Blockchain rather than in a cold wallet?

My number one source of learning about obscure exchanges is when they rape their customers. It's a dependable stream of information.

I'd never heard of them before either.

From the looks of their site - https://cashaa.com/business-account - https://cashaa.com/personal-account - they are primarily about providing conventional banking with crypto integrated as a sideline. Many people, especially businesses, are desperate for banking so will go with anyone who offers it and makes crypto friendly noises.

The exchange is from some Indians and the alleged hack is also from India. It could be an insider job. I don't mean that the exchange itself is involved but maybe someone that is working with or had worked in the past with the exchange that had some inside knowledge as how and where the funds are kept. Indian police have an experience of investigating hacks in the past, I hope they get to the hacker this time too.

gentlemand

legendary

Activity: 2590

Merit: 3008

Welt Am Draht

Quote from: kryptqnick on July 12, 2020, 05:16:39 AM

To be honest, I've never heard of Cashaa crypto exchange. Why would a person use a barely known exchange when there are multiple reputable ones out there? If an exchange is popular, there is a higher chance it will have a way better level of security. Plus, if it's reputable, there's a good chance the losses will be compensated to users (which is what happened with Binance a year or two ago). And what sort of exchange stores money on Blockchain rather than in a cold wallet?

My number one source of learning about obscure exchanges is when they rape their customers. It's a dependable stream of information.

I'd never heard of them before either.

From the looks of their site - https://cashaa.com/business-account - https://cashaa.com/personal-account - they are primarily about providing conventional banking with crypto integrated as a sideline. Many people, especially businesses, are desperate for banking so will go with anyone who offers it and makes crypto friendly noises.

Slow death

legendary

Activity: 2968

Merit: 1095

Leading Crypto Sports Betting & Casino Platform

Quote from: kryptqnick on July 12, 2020, 05:16:39 AM

The company has stopped all the crypto-related transactions, however, prima facia users are not affected by this hack.

when I read it now, I saw that they also said this:

Quote from: https://cointelegraph.com/news/hacker-stole-336-btc-from-crypto-exchange-cashaa

“We are still investigating the damage caused by the incident and suspend all the withdrawals for 24 hours. We have called the board meeting to decide whether the company will bear all the losses.”

This is a big question now, and there is no way they could have been stolen this amount of bitcoin without affecting their customers, maybe for the time being so as not to panic people, they are using the language of politicians to calm people down.

Topic: Cashaa hacked. 336 BTC Stolen. (Read 648 times)