Coincsecure

On April 9, 2018, Coinsecure, a Delhi-based cryptocurrency exchange, reported the theft of 438.318 bitcoins, valued at approximately $3.1 million USD, marking India’s largest cryptocurrency theft to date. The exchange, which operated as a regulated platform in India, disclosed that the stolen funds were siphoned from its bitcoin wallet to an external address beyond its control. Coinsecure filed a First Information Report (FIR) with Delhi police, accusing its Chief Scientific Officer (CSO), Dr. Amitabh Saxena, of potential involvement in the incident. The breach came to light when Saxena claimed the theft occurred during an exercise to extract Bitcoin Gold (BTG) for customer distribution, alleging that private keys were compromised in the process.

However, Coinsecure’s CEO, Mohit Kalra, who co-managed the wallet’s private keys with Saxena, disputed this account, asserting that the explanation was unconvincing and suggesting intentional misconduct. The FIR noted that the private keys were exported online, increasing suspicions of deliberate action. Coinsecure maintained that its core systems were neither hacked nor compromised, isolating the issue to the wallet managed by Saxena.Valued at roughly $7,000 per bitcoin at the time, the stolen 438.318 bitcoins equated to approximately 19 crore INR ($3.1 million USD). The exchange reported the incident to Delhi’s Cyber Cell and engaged specialists to trace the bitcoins, while expressing concerns that Saxena, hired in September 2017 for his blockchain expertise, might flee the country. Kalra requested police to seize Saxena’s passport to prevent his departure.

The incident triggered a criminal investigation, though the unregulated nature of India’s crypto landscape in 2018 posed challenges to recovery efforts.Coinsecure committed to reimbursing affected customers using its own funds, regardless of whether the stolen bitcoins were recovered. The theft exposed significant risks in insider access to private keys and the dangers of online key management. It eroded trust in Indian cryptocurrency exchanges, highlighting the need for stricter internal controls, secure key storage, and regulatory frameworks to protect users. The Coinsecure incident remains a cautionary example of the vulnerabilities posed by centralized control and inadequate oversight in emerging crypto markets.