DailyPost 2972
THE CRYPTO HEIST
The nature of this crypto heist might be comparable to that of the Bank of Bangladesh, the Central Bank of Bangladesh, way back in February 2016, which is still remembered in the history of cyber security globally. Crypto was supposed to be immutable but is now under fierce attack, with a few notable examples. The Indian Crypto Heist refers to the WazirX cyber attack resulting in the theft of $230 million (about Rs. 2000 crores) in digital assets. This security breach led to WazirX losing nearly 45% of the assets it held. The nature of the hack and the quantum of money lost also hit the credibility of these platforms / exchanges.
The challenge is that Indian agencies of all hues and colours dealing with cyber crime are found to be not transparent, and even less so in real time. Even if the collaboration of agencies and intelligence is taken at face value, which is not the case, the hack information is of immense operational value for those already invested and for potential investors. One can do the risk assessment if information of that nature is readily available. In the present case the cyberattack occurred on July 18. Even if some vague information hits the public domain, the officially validated granularity is where the facilitation of decision making lies.
From beginning to end, the unfolding of the case is damning. How easy it is to open an account on WazirX in a fake name. Then it is possible to sell the fake account via Telegram to another individual. Fake on fake is fine, and it is possible for the buyer of the fake account to breach in this manner. The arrest of Alam, who set up the fake account, has been a breakthrough, though investigators are still grappling with the complex web of crypto transactions. The charge sheet has been filed. Cyber criminals drained the hot wallet and attempted the cold wallet as well. Some open questions remain. As per the charge sheet, WazirX has fully cooperated in the investigation. Seems to be a clean chit.
How do we then account for the alleged misuse of multi-sig wallets (using multiple keys to authorise bitcoin transactions)? Only seizing three laptops cannot be the end of the story. Delhi Police, as per the charge sheet, has accused Liminal Custody, a digital asset custody solutions company that provides services to WazirX, of not cooperating during the investigation, despite multiple notices. Its security protocols and accountability remain suspect as of now. Liminal Custody has denied all the accusations recorded in the charge sheet. Delhi Police intends to deal with them in a supplementary charge sheet. The investigation at its very best remains seriously inconclusive on several critical counts.
Potential security risks have for the first time come to the fore in a big way. It is a clear-cut message to exercise caution and be fully aware of the potential risks when using any cryptocurrency exchange platform.
ARE WE IN A CRYPTO MESS WITH NO REGULATORS AND WITH NO COMPETENT INVESTIGATIVE CAPABILITY?
Sanjay Sahay
Have a nice evening.