Investigations behind cashaa hack continue
Cashaa remains on the hunt for the hackers that stole over $3 million through an employee’s personal laptop
On July 11th, it was reported that hackers breached Cashaa’s over the counter (OTC) desk and stole 336 Bitcoin (BTC), which converts to around $3.1 million. While Cashaa assured users that no clients have been hit by this hack, the platform made the decision to impose a hard stop on all crypto-related transactions for a 24 hour period to investigate the incident.
“There is no issue in our banking services; all Business accounts are working without any interruption. However, we have stopped all the crypto transactions. An emergency board meeting is being held to decide our further actions. We regret the inconvenience caused”, Cashaa tweeted on July 12th.
Cashaa is a digital payment platform based in the United Kingdom. It deals with Bitcoin OTC operations and collaborates with several high profile exchanges in India.
An official statement by the company reveals that the incident occurred in East Delhi with an OTC transaction manager who operated from his personal computer.
Founder and CEO of Cashaa, Kumar Gaurav, explains that malware may have been installed onto the employee’s personal computer. This led to a system breach that enabled unlawful exchange transactions through the compromised laptop.
Gaurav stated that the employee in question experienced a machine malfunction with the computer he used at work. This led him to file a request to operate from his personal computer and set up multiple alternative online wallets on various platforms, such as Huobi and Blockchain.com.
The firm decided to allow this, as his consistency in work would affect the “customer experience” for ongoing OTC deals and transactions.
Gaurav stated that the compromised device has been turned over to the company’s investigation team since the mishap and that the employee has been suspended until the investigation has been concluded.
According to Gaurav, the hackers managed to access the personal computer through active sessions that were opened in the browser. They also managed to deploy a variety of techniques, such as phishing and viruses.
The firm has filed a report with the Delhi Crime Bureau’s cyber division.
Cashaa also shared the hacker’s BTC wallet address in a tweet, informing all the major exchanges and encouraging them to monitor any transactions affiliated with the address as well as other wallets that have conducted transactions with it since the incident.
Some have already speculated that the theft could be an inside job carried out by a high-ranking executive of the bank.