Topic: Major indian exchange gets hacked, 438 bitcoins stolen COINSECURE - page 3. (Read 1163 times)

The name is Coin"Secure", but they have failed to "Secure" their user's funds.
It will be appropriate to say that someone from the inside is involved with the hack, other than this, it is very hard to hack an exchange imo.
And it is really not a good incident for the Indian community. The government may add more restrictions if the users file a lawsuit against CoinSecure.

Only 438 BTC taken in this attack, eh? We've seen worse. I can already hear TheButterZone waking up in a cold-sweat, screaming himself awake in the dead of night over this kind of thing. This is specifically why people tell users to avoid using exchanges at all, but especially to use them as trusted storage. Lauda said it, these exchanges are not set up in any organized or qualified manner and it often is luck not competence that provoked a particular exchange to the peak of popularity. Once these exchanges become popular and have large holdings of Bitcoin these failures become exploited viciously.

It seems promising that there is every sign that the funds will be returned to their owners with the exception of only losing whatever trade profit they could have earned during the time of investigation.

Good call to remove the moderator, even if it is only a temporary measure, because this is a dicey situation that needs to be tread upon lightly.

Even I agree with OP, theymos might have given a different reason.But his intentions were clear.Theymos was trying to be polite and just at the same time.As expected from the admin.
Wut wut?He nurtured the community?Don't make me laugh bro.The community grew because of bitcoin(and its beauty)and not because of some 40 Y/O man who used to write some blogs which no one used to read and opens an exchange with no security over the funds(even though they named it coin*secure*).


We can't be sure about this.Maybe.Maybe not.
Don't let opinion overshadow the facts.Right now there is nothing to prove Benson's(and other members) innocence.And I am afraid that they can never prove it.

By looking at the increase in price, they should drop the idea of refunding 90% in fiat at locked price.Makes them look guilty.

I'm sure those coins were mixed by a mixer service, tracking it won't lead to anywhere 

Props to their decision to refund partially their customer's BTC, but I'll believe it when I see it, for now those are just promises to do a refund .
Question is, if they decided to continue operating will people keep using their exchange or move to another one?

Latest search of Coinsecure's so called hacked BTC.

16th April 2018

32.19872649 BTC sent from wallet 1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA to 1FWJ7Jp3Xb67SPkmU6vxPaU1gswJazGXnT

https://blockchain.info/address/1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA

Above 32+ BTC finally arrived in wallet address 1FWJ7Jp3Xb67SPkmU6vxPaU1gswJazGXnT via bech32 P2WPKH wallet addresses.

From https://blockchain.info/address/1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA to

https://blockchain.info/address/3PQeKBeqAL6wgQBxycyHPTbQLdK9R8aFQv to

https://www.blockonomics.co/#/search?q=bc1qkcsq23fwr0xu25yzjcawevquw9em5pm7cp2vqs to

https://www.blockonomics.co/#/search?q=bc1qte9ymjj8jtxwwxqwgqvuk5g6w09uwgn3gaxk7w to

https://www.blockonomics.co/#/search?q=bc1qzcx0g43wuzh0x40wdkxz9h0nfle3fqtmu98rck to

https://www.blockonomics.co/#/search?q=bc1q06qm4zy4jxqzte2lgstsef2fj73n9scxh94ah4 to

https://www.blockonomics.co/#/search?q=bc1q3zhluhfe3qeenkdw8rmmnfeqpuzg6q2jmykhvm to

https://www.blockonomics.co/#/search?q=bc1qghlu84gs540t6etd30j95f44yrnqdgwnqptegp to

https://www.blockonomics.co/#/search?q=1FWJ7Jp3Xb67SPkmU6vxPaU1gswJazGXnT 

In case, u r not aware, forum moderation is neglected by Benson Samuel for a long time - https://bitcointalksearch.org/topic/can-we-expect-some-active-mod-in-india-forum-3125174.

Please read OP .
They promise to refund, 10% in BTC and 90% in INR at rate of 9th April 2018.
As you can see BTC price is up over 25% from price of 9th April. Who will pay loss >25% on 90% of users BTC held at Coinsecure.
Like i have about 0.1BTC with coinsecure from the time BTC/INR price was >1000000, my investment ~100000 INR, i was waiting for my price 1000000INR, now if siphoned funds not recovered i will be paid back 0.01BTC and <36000 INR for rest 0.09BTC, so it would be >50% loss to me.
There must be other users bought tens BTC at price >1300000, what will be their loss and who will pay it.

hmm, 25% to 50% loss, good relief!

Exactly. Its good to see Coinsecure taking this on them to assure a refund unlike other hacks for example 'Shitgrail' where the main guy from the exchange started blaming the developers and problem with nodes.

And to the people demanding a full refund in BTC, I am sorry for your loss. But be happy you are getting at least your money back.

The good news is that they are atleast going to refund the money in rupees which I suppose would be a great relief for their customers. They are also giving a bounty of 10% of the hacked funds, if someone is able to recover the hacker money. Hope the police are doing a deep background check on the employees and the owners of this company to identify who stole the money.

Who can believe that a computer scientist with over 20 years of experience, worked for computer giant like 'hp' can expose private keys of 438+ BTC for fork coins without moving BTC funds to other wallets?
Does Mr Benson believe this?
There was no necessity to insert private keys of active BTC wallet for BTG fork, even if it was necessary to insert private key of active wallet for fork coins, a cryptonoob would also start with small amount at first.
I am not crypto expert nor computer geek, still this story is unacceptable to me.

So by that definition, anyone who is reading this post works for Coinsecure? Or do you imply that the hackers don't have access to this forum? And you really think that a group of people who were conniving enough to syphon 430+ btc would be spending their time reading your posts? They probably had this planned all along.

It is definitely an inside job, I just can't believe that the entire team is involved. Definitely not Benson. And rest assured, he himself has enough coins to refund this 430+ BTC in its entirety. But that's his personal asset, I am not sure if he'll fund this refund out of his own pocket just because he's the co-founder. Or maybe he should, not only him, but all the founding members should pitch in to refund the customers.

This is confirmed inside job and whole Coinsecure Team is seems involved in it. And they reading this thread too.

In my preivious post in this thread i stated BTC addresses where stolen funds are lying and today they moved BTC funds to other P2SH wallets.

This clears that this job is done by CoinSecure member or entire team. If it was a hacker from outside he/she would never try to send BTC out of those addresses i mentioned above.

They never transferred out any BTC from address 1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA  after 13-04-2018, but today they transferred all 139+ BTC out to P2SH wallet address.

Hacker is insider and reading this forum as well, i think.

The person who removed him from charge himself said he was removed because of conflict of interest. You want to question that statement?

Also, anyone who's known Benson knows what kind of a man he is, he is as square as they come and it's not only me but many in the Indian community feel that way about him, because he has helped nurture the community into what it is today.

This is really an unfair move on the part of Coinsecure. If the exchange goes bust, then people might be happy to get back some money, in whatever form. If it continues operations, then the customers should be refunded fully. You cannot have a situation where the promoters make money and the customers absorb a portion of the loss.

Dr. Amitabh Saxena was appointed as Coinsecure CSO in Sept, 2017.

Dr. Amitabh Saxena has immense experience including a stint as a professor of Computer Science in Australia for several years. He has also worked with giants such as Hewlett Packard and Accenture.

https://www.cryptoninjas.net/2017/09/24/dr-amitabh-saxena-appointed-c-s-o-bitcoin-exchange-coinsecure/.

How is it possible that such experienced person can make mistake like this while dealing with 438.31BTC which is worth about $3.8million?

9th April, 2018 - Coinsecure update on webpage says 438.31859715 BTC siphoned out to BTC Address 1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA between 12:35 AM IST - 06:29 AM IST.
In fact 438.31859715 BTC was moved to above mentioned address between 2018-04-08 19:05:07 - 2018-04-09 00:40:50, please verify here https://blockchain.info/address/1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA .

Some of Coinsecure's lost BTC funds are currently in addresses below.

1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA  139.42094629 BTC

1EL6w4XM7MVXJocdKbUprQszDkV87EQHeZ    9.44412409 BTC

3QmzSdCoPNQqpFmyyDFpMqWiTdLFrvLXfx    1.10477778 BTC

38GGuZBJD23uav4o2Urzqo3ZNkKUjr5xx3   12.49789000 BTC

19984XPvZux8bEdW4SBPmknevWZauamCnG   65.17902000 BTC

38RKQE1Mx9cmhB5j1xbMhmJLudANouWD5C    6.62085686 BTC

Coinsecure update-2 Friday, 13.04.2018 stating BTC funds siphoned, complaint reported to cyber cell Delhi and they are working with invetigation authorities.

No BTC funds are transfered out of address 1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA after 2018-04-13 08:46:22.

Why Coinsecure don't updates more details about exactly what happened?
Was this happened before insertion of private key or after insertion?
What wallet was used for BTG fork coins?  

Update 16-04-2018:-

Today 139.42094629 BTC also moved out from 1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA  to P2SH Bitcoin addresses.

Above address 1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA  balance shows 0 BTC now.

Don't be so sure that it isn't outright incompetence/ignorance. You have absolutely no idea how inefficient and insecure the setups are, even of the top exchanges such as Coinbase. This is especially the case with exchanges that list half-centralized and bloated chains such as ETH (generating several million deposit addresses using Core is relatively easy, ETH you can't even sync without fast-sync within reasonable time let alone do something else).

That should be a common sense thing, but it ain't. Plenty of people did it that way.

---

When you got your degree for 5 bucks in some dodgy alley.

Yup, it will be and the price is indeed going up.It was 6700$ on 9th and today it reached 8500.
A huge difference of 1800$.
If it was all planned then yea, they will easily make a lot of profit by doing this.And they will save their name too.

Yup, sounds pretty stupid to claim BTG from an active address.And that too 438 bitcoins.Sounds like a pretty bad excuse.or might be pure dumbness.No idea.

https://coinsecure.in/   Update 3.1: Saturday, 14.4.2018, 6th paragraph on page.
"However, if recovery of siphoned BTC is not possible, then we will apply lock in rates as of 9th of April, 2018. 10% of Coin Holding Balance will be refunded in BTC and 90% will be returned in INR."

It means if you have 1 BTC with coinsecure and if they failed to recover siphoned BTC funds, they will refund you 0.1BTC and 0.9BTC will be calculated at rate of 9th April 2018 and refund in INR = (0.9 x ~400000 = ~360000INR).

It would be a big loss to coinsecure users if BTC price goes up. They have capped BTC price as of 9th April for refund in case siphoned funds not recovered.

All coinsecure users should write to coinsecure that we want all our BTC balances refunded in BTC not in INR at price of 9th April 2018.

This is looks like inside job to steal people money, BTC funds siphoned to address '1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA' were being sent to other addresses till 13th April, after then no BTC sent out of that address. There is still 139.42094629 BTC balance showing in wallet address '1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA' check here https://blockchain.info/address/1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA .

For BTG fork only needed private keys of wallets had BTC at the time of fork, there was no necessity to keep BTC in the wallet and insert private keys for fork coins,

Why Dr Amitabh Saxena did not withdraw BTC to another wallet for safety before inserting private keys for BTG fork?

Why BTC withdrawals stopped from hacker wallet address  '1BaEJquitskdXcTj53Uy6PuUtJ5a8ETWpA' after 13 April 2018?

I have contacted Coinsecure support via phone call and sent an email to [email protected] with my search report that shows clearly where lost funds are going to, most of lost BTC sent to BitcoinFog wallet addresses, P2SH addresses (starts with '3') and Bech32 (starts with 'bc1'), BitcoinFog using tor network so difficult to identify user but user can be traced if investigated deeply, even hacker can be tracked by monitoring end wallet address user is using reputed web wallet or BTC exchange.

This is possibly inside job or lack of knowledge to get BTG fork free coins caused this. Whatever it caused we CoinSecure users should demand refund of our BTC balance in BTC not in INR at the rate of 9th April 2018.

Where have they mentioned what you said? I dont think they have explicitly mentioned that anywhere

Coinsecure has mentioned that if lost funds found they will refund BTC to users, if lost BTC not found they will refund balance 10% in BTC and 90% in INR at price as of 9th Apr 2018.

Also check https://bitcointalksearch.org/topic/m.34668530

Looks like inside job.