Coinsecure Hack
Incident Overview
Coinsecure announced the heist, valued at $3.3 million. The CEO of the bitcoin exchange, Mohit Kalra, has accused his Chief Strategy Officer (CSO) of stealing 438 Bitcoin from the operator’s main wallet.
The issue was reported by the exchange after consumers complained about difficulty withdrawing funds from the platform. The exchange notified users through email and issued an official statement clarifying the incident: “We regret to inform you that our bitcoin funds have been exposed and seem to have been siphoned out to an address that is outside our control”.
Coinsecure added a scanned copy of a police complaint CEO Mohit Kalra filed with the New Delhi police. Kalra filed an FIR (First Information Report) with the Cyber Cell of Delhi. According to the exchange, Chief Strategy Officer Amitabh Saxena is at the center of the incident. The company claims the funds were lost while he was extracting Bitcoin Gold to distribute to their customers.
Incident Report
Protocol Information
What the Attacker Needed to Succeed
Understanding the prerequisites for this type of attack helps auditors identify protocols that are most at risk and helps developers build better defenses.
What Auditors Should Check
If you're auditing a protocol with similar architecture to Coinsecure, these are the critical security checks that could have prevented this incident (April 2018).
- Verify all logic paths related to Access Control are guarded by proper access controls and input validation - see the Access Control Attacks attack class for patterns
- Review privileged functions (owner, admin, governance) for potential abuse vectors - centralization risks should be documented and bounded with timelocks or multi-sigs
Master these auditing techniques with hands-on labs and real exploit scenarios in the Smart Contract Hacking course.
Free TrialRelated Attack Classes
The technique used in this hack maps to these vulnerability classes in our security curriculum:
Sources & References
Learn to Prevent the Next Coinsecure
The Coinsecure hack is one of many attacks that skilled auditors are trained to detect before deployment. Master real exploit patterns and defense techniques with hands-on Web3 security training.