- Platform was not breached, isolated incident found and one user account impacted
- Security upgrades have been resolved, and all user funds are secure
- If found culpable of error, we are ready to compensate the user 100% of his lost funds
Over the past week, we have come across a few videos and tweets from our Indian Twitter Community raising questions around the safety and security of funds on Indian exchanges. An alleged hacking incident that occurred on the 13th May this year, currently being examined, has ensued a trail of conversations which is damaging to the reputation of the Indian crypto industry. The CoinDCX team is in constant touch with the concerned user and we have promised our full support to him in resolving the problem while ensuring a satisfactory outcome at his end. Currently, the investigation is under process with various authorities.
At the onset, we would like to highlight that CoinDCX is one of the most secure and safe exchanges both in India and across the globe. At CoinDCX, the security of the digital assets and the private information of our clients is paramount. Our platform is built with industry-leading security protocols which are regularly tested to check any violations. Yet no security system can be 100% perfect and whenever loopholes are found we plug them immediately.
We would therefore like to reiterate that the CoinDCX platform was not breached and the initial investigation by the concerned authorities also came to the same conclusion. We continue to offer a safe and secure crypto experience to all our users as we have been since the inception of the company.
We would like to address the concerns highlighted on social media by the crypto community, while clarifying the situation and explaining CoinDCX’s current position.
When CoinDCX was notified about the case of a user reporting missing funds from his account after he lost access to the account, we immediately took the necessary steps to secure the user’s CoinDCX account at our end to avoid any further loss of funds.
Once the systems were in place, we constituted a two-level enquiry. The first level was an internal security assessment, which was conducted to identify and establish entry points, causes and loopholes if any. As mentioned, the initial investigation brought to light that there was no security breach on CoinDCX’s platform, while it shed light on how the attacker accessed the account by accessing the user’s credentials besides hacking his third party email.
We were also able to identify the beneficiary’s wallet address (where the funds were moved to) and initiated the second level of enquiry. The second level of enquiry was conducted jointly with the CoinDCX team as well as an international forensic team to trace the actions post the funds leaving CoinDCX. Our intention was to track the funds and block the usage of those funds. As the investigation is ongoing, divulging additional information may compromise the issue. Once resolved, we will provide full details to the necessary parties.
This process takes time. We have to hire external experts, coordinate with international agencies, and reach out to other exchanges. During this time period, we have been in constant touch with the user; our co-founders have been directly involved and communicating with the user. However at this point, the investigation team had advised us to not reveal any additional information as it may compromise the investigation process. Therefore, we have remained relatively quiet as we did not want to risk losing the funds forever.
When we claim to be the safest cryptocurrency exchange, it is not simply a marketing statement. Security is an evolving process and today’s best security systems are a result of various loopholes that attackers have managed to manipulate. With security systems, there is never 100% certainty as hackers and thieves spend their careers looking for ways into the system. As such, CoinDCX took a $100 Million USD insurance from BitGo to ward off any such eventuality. We’ll be exploring that option once the investigation report is out. If the investigation even remotely suggests that CoinDCX is culpable of error, we are ready to compensate the user 100% of his lost funds. We’ll do this from our own pocket even if the insurance claims don’t go through. This is our commitment.
There have been comments online about our caste, our community and even our nationality. We understand that members are only trying to support the user and help him get his due. We would like to reassure you that we are also working towards resolving this issue at the earliest in the best interest of the affected user and the exchanges. Our latest investment of INR 100 Million for #TryCrypto and building a free crypto education platform DCX Learn further reiterates our commitment towards enhancing safety and building awareness while fortifying capabilities to make India grow as a strong crypto nation.
For now, we would like to request the entire crypto community to stand with the user and with us while we complete the investigation process. The learnings will further help us protect the entire crypto community from future attacks.
We have been using time tested policies that have been adapted not only by Indian crypto exchanges but other financial entities in India and around the world. Once the investigation is complete it will highlight the entire picture. In the interest of transparency, we’ll also be sharing all the details of the report and highlight some improvements that we can make. For all of this to happen we need to ensure the investigation process moves along smoothly. We appreciate your patience as we complete our investigation so that we take our learnings and grow stronger.